Wanted Dead or Alive: Real-Time Protection Against Lateral Movement
Just a few short years ago, lateral movement was a tactic confined to top APT cybercrime organizations and nation-state operators....
OSINT
Vice Society Ransomware Victim: CMC Group
Vice Society Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Google Blocks 1.43 Million Malicious Apps, Bans 73,000 Bad Accounts in 2022
Google disclosed that its improved security features and app review processes helped it block 1.43 million bad apps from being...
Daily Vulnerability Trends: Mon May 01 2023
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2021-44228Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1)...
Google starts taking down CryptBot malware infrastructure
A court order has been granted to Google to take down the malware infrastructure associated with Cryptbot info stealer after...
Hackers use fake ‘Windows Update’ guides to target Ukrainian govt
The Computer Emergency Response Team of Ukraine (CERT-UA) says Russian hackers are targeting various government bodies in the country with malicious...
CISA: Oracle Releases Security Updates
Oracle Releases Security Updates Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for...
CISA: VMware Releases Security Update for Aria Operations for Logs
VMware Releases Security Update for Aria Operations for Logs VMware has released a security update to address multiple vulnerabilities in...
CISA: CISA Releases Two SBOM Documents
CISA Releases Two SBOM Documents Today, CISA released two community-drafted documents around Software Bill of Materials (SBOM): Types of SBOM...
CISA: Drupal Releases Security Advisory to Address Vulnerability in Drupal Core
Drupal Releases Security Advisory to Address Vulnerability in Drupal Core Drupal has released a security advisory to address an access...
CISA: Cisco Releases Security Advisories for Multiple Products
Cisco Releases Security Advisories for Multiple Products Cisco has released security updates for vulnerabilities affecting Industrial Network Director (IND), Modeling...
RansomHouse Ransomware Victim: 100X and ALL Clients
RansomHouse Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA Adds Three Known Exploited Vulnerabilities to Catalog CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog,...
CISA: CISA Requests for Comment on Secure Software Self-Attestation Form
CISA Requests for Comment on Secure Software Self-Attestation Form CISA has issued requests for comment on the Secure Software Self-Attestation...
CISA: CISA Releases One Industrial Control Systems Medical Advisory
CISA Releases One Industrial Control Systems Medical Advisory CISA released one Industrial Control Systems Medical (ICS) medical advisory on April...
CISA: CISA Releases Two Industrial Control Systems Advisories
CISA Releases Two Industrial Control Systems Advisories CISA released two Industrial Control Systems (ICS) advisories on April 25, 2023. These...
CISA: Abuse of the Service Location Protocol May Lead to DoS Attacks
Abuse of the Service Location Protocol May Lead to DoS Attacks The Service Location Protocol (SLP, RFC 2608(link is external))...
Malware Analysis – ransomware – ba619bc7920ba0650482c133ccea5c5c
Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: ba619bc7920ba0650482c133ccea5c5cSHA1: cd8fb4ccba1004f8590d0a3560ce55269a5622c1ANALYSIS DATE: 2023-04-30T16:09:52ZTTPS: T1082, T1012, T1107, T1490 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...
Malware Analysis – djvu – e1c8709a50dea0c5375707bc0f35704f
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:5cb879265de0011bfc7588d5d251aee6, discovery, persistence, ransomware, spyware, stealerMD5: e1c8709a50dea0c5375707bc0f35704fSHA1: 8fcc189ac74ec1062c5fded765d14bbac321e42fANALYSIS DATE: 2023-04-30T16:13:45ZTTPS: T1222, T1053, T1012, T1005,...
Malware Analysis – ransomware – f221915cf579c55a805c1a109d079bba
Score: 7 MALWARE FAMILY: ransomwareTAGS:ransomware, upxMD5: f221915cf579c55a805c1a109d079bbaSHA1: 62e631a90d1ad721aa67e1328fb00e446f0be69eANALYSIS DATE: 2023-04-30T15:54:04ZTTPS: T1491, T1112, T1012, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – amadey – edf83adc1b164b2f076bf78ca19524f7
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:icedid, family:smokeloader, family:vidar, family:xmrig, botnet:1616034f091df9fd0229bc38dd17597f, botnet:5cb879265de0011bfc7588d5d251aee6, botnet:pub1, botnet:sprg, campaign:252847557, backdoor, banker, discovery, evasion, loader,...
Malware Analysis – amadey – 9d54aae2994dec26029909916dfc208a
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:smokeloader, family:vidar, botnet:1616034f091df9fd0229bc38dd17597f, botnet:5cb879265de0011bfc7588d5d251aee6, botnet:pub1, botnet:sprg, backdoor, discovery, evasion, persistence, ransomware, spyware, stealer, trojanMD5:...
Malware Analysis – amadey – 544ca3fb991856aada9cc5d7b83cfdba
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:icedid, family:smokeloader, family:vidar, botnet:1616034f091df9fd0229bc38dd17597f, botnet:5cb879265de0011bfc7588d5d251aee6, botnet:pub1, botnet:sprg, campaign:252847557, backdoor, banker, discovery, evasion, loader, persistence,...
Malware Analysis – djvu – e7ea90686ee11d235596640d76e18c31
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:5cb879265de0011bfc7588d5d251aee6, discovery, persistence, ransomware, spyware, stealerMD5: e7ea90686ee11d235596640d76e18c31SHA1: f7626cce1a1983522fc95b3737842e10c067439cANALYSIS DATE: 2023-04-30T16:47:34ZTTPS: T1222, T1082, T1012, T1005,...
