Cobalt Strike Beacon Detected – 103[.]45[.]143[.]169:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Score: 10 | MALWARE FAMILY: wannacry | TAGS: family:wannacry, bootkit, persistence, ransomware, worm | MD5: 3e1358176d57982beb922f2902a37fad | SHA1: db139653e9dd7c669efdfddd69c991b72dcb428b | ANALYSIS DATE: 2023-01-11T10:21:05Z | TTPS: T1012, T1082, T1060, T1112, T1067, T1491 | Score legend: 10 = Known...
Score: 10 | MALWARE FAMILY: discovery | TAGS: discovery, evasion, persistence, ransomware | MD5: 5a9d7261ca6fb48b5df18e3e5dcd12e4 | SHA1: c5e5601e995437ff625939876c7cf5a30d8e29ea | ANALYSIS DATE: 2023-01-11T10:18:25Z | TTPS: T1012, T1497, T1082, T1112, T1042, T1060 | Score legend: 10 = Known bad (A...
Score: 10 | MALWARE FAMILY: djvu | TAGS: family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealer | MD5: f0fa800da38d447e5ec5488cf0533783 | SHA1: a18b649c13257ece20693771eda98eeb436d4248 | ANALYSIS DATE: 2023-01-11T10:20:44Z | TTPS: T1082, T1053, T1012, T1060, ...
Score: 10 | MALWARE FAMILY: djvu | TAGS: family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealer | MD5: 003110423bef9777e6ef2a55473bd34f | SHA1: 5a3036ea4d032f3f40a99cc5febd0133232e005e | ANALYSIS DATE: 2023-01-11T10:04:15Z | TTPS: T1005, T1081, T1060, T1112, ...
Score: 5 | MALWARE FAMILY: ransomware | TAGS: ransomware | MD5: b1a0dbcba5aa72bddf6a2619bd1c04d3 | SHA1: 80c34dc43c0e0ea556f0412bfa6807f2a956f369 | ANALYSIS DATE: 2023-01-11T10:51:09Z | TTPS: (none listed) | Score legend: 10 = Known bad (A malware family was detected.); 8-9 = Likely malicious (One or more known damaging...
Score: 8 | MALWARE FAMILY: ransomware | TAGS: ransomware, spyware, stealer | MD5: 2f11fdaaca22cb7c54bb336e80340d3e | SHA1: 3b2d7b85221ac8c0c7d7abcbb06566f53d20e7ef | ANALYSIS DATE: 2023-01-11T11:24:50Z | TTPS: T1005, T1081, T1082 | Score legend: 10 = Known bad (A malware family was detected.); 8-9 = Likely...
Score: 10 | MALWARE FAMILY: smokeloader | TAGS: family:smokeloader, backdoor, trojan | MD5: 476931064a8b0ecf9a4f5fefd0680a45 | SHA1: ee254056c2b0ea556627f3700f3d387bda411952 | ANALYSIS DATE: 2023-01-11T11:51:03Z | TTPS: T1012, T1120, T1082 | Score legend: 10 = Known bad (A malware family was detected.); 8-9 = Likely...
Score: 10 | MALWARE FAMILY: discovery | TAGS: discovery, evasion, persistence, ransomware | MD5: 992727441c0580255be639bd8a738be5 | SHA1: e49881c98d86f8b7bd9b80d4d52872b2d4c340f8 | ANALYSIS DATE: 2023-01-11T11:46:10Z | TTPS: T1060, T1012, T1497, T1082, T1112, T1042 | Score legend: 10 = Known bad (A...
NAME: Siemens SINEC INS code execution | Platforms Affected: (not listed) | Risk Level: 8.4 | Exploitability: Unproven | Consequences: Gain Access | DESCRIPTION: Siemens SINEC INS could allow a remote authenticated attacker within the local...
NAME: SAP NetWeaver AS for Java security bypass | Platforms Affected: SAP NetWeaver AS for JAVA 7.50 | Risk Level: 9.1 | Exploitability: Unproven | Consequences: Gain Privilege | DESCRIPTION: SAP NetWeaver AS for Java...
NAME: Zip4j weak security | Platforms Affected: Zip4j Zip4j 2.11.2 | Risk Level: 9.1 | Exploitability: Unproven | Consequences: Gain Access | DESCRIPTION: Zip4j could provide weaker than expected security, caused by not always check...
NAME: GitLab CE/EE denial of service | Platforms Affected: GitLab Community Edition 15.7.1, GitLab Community Edition 15.6.3, GitLab Community Edition 15.5.6, GitLab Enterprise Edition...
NAME: SAP BusinessObjects Business Intelligence platform code execution | Platforms Affected: SAP BusinessObjects Business Intelligence Platform 420, SAP BusinessObjects Business Intelligence Platform 430 | Risk Level: 9.9 | Exploitability: Unproven | Consequences: Gain...
NAME: Google Chrome code execution | Platforms Affected: Google Chrome 109.0 | Risk Level: 8.8 | Exploitability: Unproven | Consequences: Gain Access | DESCRIPTION: Google Chrome could allow a remote attacker to execute arbitrary code...
NAME: Microsoft Windows Layer 2 Tunneling Protocol (L2TP) code execution | Platforms Affected: Microsoft Windows 7 SP1 x32, Microsoft Windows 7 SP1 x64, Microsoft...
NAME: Microsoft SharePoint Server code execution | Platforms Affected: Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Server 2019...
NAME: Microsoft Exchange Server spoofing | Platforms Affected: Microsoft Exchange Server 2016 CU22, Microsoft Exchange Server 2019 CU11, Microsoft Exchange Server 2016 CU23, Microsoft...
NAME: Siemens SINEC INS directory traversal | Platforms Affected: (not listed) | Risk Level: 8.5 | Exploitability: Unproven | Consequences: Obtain Information | DESCRIPTION: Siemens SINEC INS could allow a remote authenticated attacker to traverse directories...
NAME: Microsoft Windows LDAP code execution | Platforms Affected: Microsoft Windows Server 2019, Microsoft Windows 10 1809 for x64-based Systems, Microsoft Windows 10 1809...