Cobalt Stike Beacon Detected – 121[.]4[.]253[.]90:8003
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
OSINT
Malware Analysis – chaos – 664d942a2f98e3bf196dc627a1ee3ae9
Score: 10 MALWARE FAMILY: chaosTAGS:family:chaos, ransomwareMD5: 664d942a2f98e3bf196dc627a1ee3ae9SHA1: 925b0ef9d0e2f6ce159945138f97dda492fab4b8ANALYSIS DATE: 2023-01-14T08:58:12ZTTPS: T1064 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...
Malware Analysis – djvu – ff660cfc3188548169fb503f22ec7333
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: ff660cfc3188548169fb503f22ec7333SHA1: a9f496bc96e2375a713a1664162b3556f62bd966ANALYSIS DATE: 2023-01-14T09:46:49ZTTPS: T1053, T1012, T1082, T1005,...
Malware Analysis – djvu – e30884dd5b5487ff1afab6301420abd2
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: e30884dd5b5487ff1afab6301420abd2SHA1: fbda6109e87f008034869c7405d0a839868690d7ANALYSIS DATE: 2023-01-14T09:18:42ZTTPS: T1060, T1112, T1222, T1053,...
Malware Analysis – discovery – 0ac22daa944ab6c3be7bbdbff316be63
Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, persistence, ransomwareMD5: 0ac22daa944ab6c3be7bbdbff316be63SHA1: 42a248e33566687c80783751d4b01af0ee48af15ANALYSIS DATE: 2023-01-14T11:26:45ZTTPS: T1082, T1060, T1012 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – djvu – 3a862f889fa5aa53e46a40692624a13f
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 3a862f889fa5aa53e46a40692624a13fSHA1: 8967ffdfe1b02094e376ae9aadec9339f1d9d92eANALYSIS DATE: 2023-01-14T11:21:49ZTTPS: T1012, T1082, T1005, T1081,...
Empire C2 Detected – 45[.]76[.]150[.]166:80
The Information provided at the time of posting was detected as "Empire C2". Depending on when you are viewing this...
Daily Vulnerability Trends: Sat Jan 14 2023
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2022-20452In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution...
BugCrowd Bug Bounty Disclosure: – Improper Authorization – Second (Additional) Driver can list “add-driver” invitation links – By sagarparmar121
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
Malware Analysis – djvu – ec606e5e431b4d6be09c3362a40cf60b
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:rhadamanthys, family:smokeloader, family:vidar, botnet:19, backdoor, discovery, persistence, ransomware, spyware, stealer, trojanMD5: ec606e5e431b4d6be09c3362a40cf60bSHA1: d807d99153a82a491d19420eb133d4415aa0c057ANALYSIS DATE: 2023-01-14T03:02:49ZTTPS:...
Malware Analysis – lockbit – 260235a69a60ca8f424e1809fc01fd2b
Score: 10 MALWARE FAMILY: lockbitTAGS:family:lockbit, ransomware, spyware, stealerMD5: 260235a69a60ca8f424e1809fc01fd2bSHA1: 0647b7f536beeefa04eafbe877ad9e7227334aadANALYSIS DATE: 2023-01-14T03:06:36ZTTPS: T1082, T1005, T1081, T1012, T1112 ScoreMeaningExample10Known badA malware...
Malware Analysis – djvu – b4fb108e628474068b70b975ee54817f
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: b4fb108e628474068b70b975ee54817fSHA1: 05a0863ba7cb981d91807961c1dad86887d8867dANALYSIS DATE: 2023-01-14T03:25:23ZTTPS: T1222, T1012, T1053, T1082,...
Malware Analysis – revengerat – 19c677bb8cda5703f42c143bb4251e6a
Score: 10 MALWARE FAMILY: revengeratTAGS:family:revengerat, family:xmrig, botnet:guest, discovery, evasion, miner, persistence, ransomware, stealer, trojanMD5: 19c677bb8cda5703f42c143bb4251e6aSHA1: ad85336a7304a4e58b2a4f5c40b02f578aa00923ANALYSIS DATE: 2023-01-14T05:20:28ZTTPS: T1082, T1112,...
Malware Analysis – djvu – dd389d4033a9f3b4b038bb25d124cb46
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:rhadamanthys, family:smokeloader, family:vidar, botnet:19, backdoor, discovery, persistence, ransomware, spyware, stealer, trojanMD5: dd389d4033a9f3b4b038bb25d124cb46SHA1: 7ed92f2d935aaf50af22423d774ebe0b8613c8f2ANALYSIS DATE: 2023-01-14T05:03:02ZTTPS:...
Malware Analysis – njrat – 596e8b4c50fa6579495c12756c3b5f14
Score: 10 MALWARE FAMILY: njratTAGS:family:njrat, botnet:hacked, discovery, evasion, persistence, ransomware, trojanMD5: 596e8b4c50fa6579495c12756c3b5f14SHA1: de331021e0b2f8fcb792db5cef59472c1964b3bfANALYSIS DATE: 2023-01-14T04:54:53ZTTPS: T1112, T1042, T1060, T1012, T1031,...
Malware Analysis – djvu – 45b0220aa7be949fcf01f1c68daedbb6
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 45b0220aa7be949fcf01f1c68daedbb6SHA1: e743588797a064205c212beef52235d4224231e2ANALYSIS DATE: 2023-01-14T05:07:02ZTTPS: T1012, T1082, T1060, T1112,...
Royal Mail halts international services after cyberattack
The Royal Mail, UK's leading mail delivery service, has stopped its international shipping services due to "severe service disruption" caused...
European police takes down call centers behind cryptocurrency scams
Multiple call centers across Europe controlled by a criminal organization involved in online investment fraud were taken down this week...
MetaMask warns of new ‘Address Poisoning’ cryptocurrency scam
Cryptocurrency wallet provider MetaMask is warning users of a new scam called 'Address Poisoning' used to trick users into sending...
RAT malware campaign tries to evade detection using polyglot files
Operators of the StrRAT and Ratty remote access trojans (RAT) are running a new campaign using polyglot MSI/JAR and CAB/JAR...
Scattered Spider hackers use old Intel driver to bypass security
A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a...
Cisco warns of auth bypass bug with public exploit in EoL routers
Cisco warned customers today of a critical authentication bypass vulnerability with public exploit code affecting multiple end-of-life (EoL) VPN routers....
Royal Mail cyberattack linked to LockBit ransomware operation
A cyberattack on Royal Mail, UK's largest mail delivery service, has been linked to the LockBit ransomware operation. Yesterday, the...
PoC exploits released for critical bugs in popular WordPress plugins
Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities,...
