Cobalt Stike Beacon Detected – 116[.]62[.]189[.]237:6633
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
OSINT
Cobalt Stike Beacon Detected – 124[.]223[.]64[.]107:7777
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Certsync – Dump NTDS With Golden Certificates And UnPAC The Hash
certsync is a new technique in order to dump NTDS remotely, but this time without DRSUAPI: it uses golden certificate...
Malware Analysis – – be1e1725c3b340b240184b1ab5d24aa3
Score: 1 MALWARE FAMILY: TAGS:MD5: be1e1725c3b340b240184b1ab5d24aa3SHA1: 155a7837de2908159780e14f0dde5b1f84b56ed1ANALYSIS DATE: 2023-06-23T14:19:14ZTTPS: T1012, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...
Malware Analysis – evasion – 23fa37722ffd69f30b03e7cb47cc282a
Score: 9 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 23fa37722ffd69f30b03e7cb47cc282aSHA1: 073aff7c57e6eeb11bf2dbece256bda705943223ANALYSIS DATE: 2023-06-23T15:02:10ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...
Malware Analysis – amadey – 535702d8dc817423a68aab638e329fb1
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:smokeloader, family:vidar, botnet:153ce668f1e21829c936c2b11fa4d869, botnet:pub1, backdoor, discovery, persistence, ransomware, stealer, trojanMD5: 535702d8dc817423a68aab638e329fb1SHA1: 7efba45e5286c24e56f66013b8f77eee368d4234ANALYSIS DATE: 2023-06-23T15:54:37ZTTPS:...
Malware Analysis – amadey – a1badc3d7679b8d66dc376c0e81152fa
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:fabookie, family:smokeloader, family:vidar, botnet:153ce668f1e21829c936c2b11fa4d869, botnet:pub1, backdoor, discovery, evasion, persistence, ransomware, spyware, stealer, trojanMD5: a1badc3d7679b8d66dc376c0e81152faSHA1:...
Malware Analysis – djvu – dc4529c58230f2a089ae6cd1bf99769e
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:153ce668f1e21829c936c2b11fa4d869, discovery, persistence, ransomware, spyware, stealerMD5: dc4529c58230f2a089ae6cd1bf99769eSHA1: 6c5b1b4977af56202951a7fbfdde7aaaa1e228e6ANALYSIS DATE: 2023-06-23T16:03:53ZTTPS: T1222, T1082, T1005, T1081,...
Malware Analysis – djvu – ead225734ff9814142fa6ba8339b7e85
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:153ce668f1e21829c936c2b11fa4d869, discovery, persistence, ransomware, spyware, stealerMD5: ead225734ff9814142fa6ba8339b7e85SHA1: 832e30d105d0145848b74fbbe59adc2540cbe640ANALYSIS DATE: 2023-06-23T15:56:51ZTTPS: T1012, T1082, T1005, T1081,...
Malware Analysis – evasion – aa7d2d8cabd380ba81873da3240eb31d
Score: 9 MALWARE FAMILY: evasionTAGS:evasion, persistence, ransomware, spyware, stealerMD5: aa7d2d8cabd380ba81873da3240eb31dSHA1: 7017c2558c57530b85d7fdedd1a1602dec5380dbANALYSIS DATE: 2023-06-23T17:13:58ZTTPS: T1490, T1031, T1562, T1489, T1082, T1005, T1081,...
Malware Analysis – evasion – 47bd2deca914a1687586f1532cd17c20
Score: 9 MALWARE FAMILY: evasionTAGS:evasion, persistence, ransomware, spyware, stealerMD5: 47bd2deca914a1687586f1532cd17c20SHA1: 4c698a81f7cd469276808c6f8244c9ccabc5291fANALYSIS DATE: 2023-06-23T17:13:58ZTTPS: T1490, T1031, T1562, T1489, T1082, T1005, T1081,...
Malware Analysis – egregor – 53370f3be23b9bed9d0e4f2992119448
Score: 10 MALWARE FAMILY: egregorTAGS:family:egregor, discovery, ransomwareMD5: 53370f3be23b9bed9d0e4f2992119448SHA1: 39e2162ef58f2e19f2b2af0e12d25fd1bcfe7691ANALYSIS DATE: 2023-06-23T16:07:59ZTTPS: T1012, T1082, T1057 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – evasion – 31ed190022685b6533d174fd5e042b83
Score: 9 MALWARE FAMILY: evasionTAGS:evasion, persistence, ransomware, spyware, stealer, upxMD5: 31ed190022685b6533d174fd5e042b83SHA1: 91fbb829f198afe9baae57b17bdb18a8ad487bc9ANALYSIS DATE: 2023-06-23T16:40:21ZTTPS: T1490, T1060, T1112, T1031, T1562, T1489,...
CISA: CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA Adds Five Known Exploited Vulnerabilities to Catalog CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
CISA: VMware Releases Security Update for vCenter Server and Cloud Foundation
VMware Releases Security Update for vCenter Server and Cloud Foundation VMware has released a security update to address multiple memory...
Cybercrime Group ‘Muddled Libra’ Targets BPO Sector with Advanced Social Engineering
A threat actor known as Muddled Libra is targeting the business process outsourcing (BPO) industry with persistent attacks that leverage...
NOESCAPE Ransomware Victim: Cyril Johnston Hire
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
NOESCAPE Ransomware Victim: Promotion Fulfillment Center
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware
A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID. Cybersecurity firm Deep Instinct...
NSA Releases Guide to Combat Powerful BlackLotus Bootkit Targeting Windows Systems
The U.S. National Security Agency (NSA) on Thursday released guidance to help organizations detect and prevent infections of a Unified...
The Power of Browser Fingerprinting: Personalized UX, Fraud Detection, and Secure Logins
The case for browser fingerprinting: personalizing user experience, improving fraud detection, and optimizing login security Have you ever heard of...
Cobalt Stike Beacon Detected – 124[.]220[.]160[.]248:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 47[.]241[.]225[.]61:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 106[.]15[.]107[.]182:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
