Cobalt Stike Beacon Detected – 107[.]174[.]247[.]46:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
OSINT
Malware Analysis – djvu – b0f0b79c2b04c118ef4f6629e88cd2bc
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: b0f0b79c2b04c118ef4f6629e88cd2bcSHA1: e88aec0e4d70cce8ae9ac6ed07191f24eb03afeaANALYSIS DATE: 2023-01-06T21:16:19ZTTPS: T1012, T1082, T1005, T1081,...
Malware Analysis – djvu – 7873a6083d3990821cd66ad9a5aceebe
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, family:vidar, botnet:19, backdoor, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: 7873a6083d3990821cd66ad9a5aceebeSHA1: e0d03bb5c7674dc492687e66975edb397ff0b3c9ANALYSIS DATE: 2023-01-06T21:16:22ZTTPS:...
Malware Analysis – discovery – 4e72fd959c26c584f851553c854029cf
Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, ransomwareMD5: 4e72fd959c26c584f851553c854029cfSHA1: d41f78eae4003a8713eccc9ce0250eb0455215e1ANALYSIS DATE: 2023-01-06T22:05:38ZTTPS: T1082, T1057, T1012, T1130, T1112 ScoreMeaningExample10Known badA malware family was...
Malware Analysis – djvu – ee56af504d8d398200f6b80870499502
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: ee56af504d8d398200f6b80870499502SHA1: 268e292df2627e4263cf9de0debb5d3136e8057aANALYSIS DATE: 2023-01-06T21:41:36ZTTPS: T1053, T1005, T1081, T1012,...
Malware Analysis – evasion – 4c0e7f72921c21ebb2d67d58d92e92fb
Score: 10 MALWARE FAMILY: evasionTAGS:evasion, persistence, ransomwareMD5: 4c0e7f72921c21ebb2d67d58d92e92fbSHA1: 9b8a9d56ae0961825e7e5e8e0363c72297954009ANALYSIS DATE: 2023-01-06T22:25:33ZTTPS: T1031, T1562, T1489, T1060, T1112, T1107, T1490, T1012, T1120,...
Malware Analysis – amadey – 26fe4336a7d372adf5f211d7f412aecf
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:smokeloader, family:vidar, botnet:19, botnet:494, backdoor, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: 26fe4336a7d372adf5f211d7f412aecfSHA1: 4fc85afe503f085ef16f57fac073596f8eb10afdANALYSIS...
Malware Analysis – evasion – ea5e82760186813f2c6a502f53378e62
Score: 10 MALWARE FAMILY: evasionTAGS:evasion, persistence, ransomwareMD5: ea5e82760186813f2c6a502f53378e62SHA1: 63ae0b9f29bd80f33d71791be5b5c3ea8a038987ANALYSIS DATE: 2023-01-06T22:48:40ZTTPS: T1012, T1120, T1082, T1112, T1070, T1060, T1018 ScoreMeaningExample10Known badA...
Malware Analysis – discovery – 9b583f2aa0dc81105ba238af0e12ff72
Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, ransomware, upxMD5: 9b583f2aa0dc81105ba238af0e12ff72SHA1: d58f64e37295f03a9aaa6f69261a8b5695115d99ANALYSIS DATE: 2023-01-06T23:49:14ZTTPS: T1082, T1012 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...
Malware Analysis – amadey – c381deebc66153d21111d53654b38270
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:smokeloader, family:vidar, botnet:19, botnet:494, backdoor, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: c381deebc66153d21111d53654b38270SHA1: 642f0cc887c5e3277878ee374fdf985b8c5d0687ANALYSIS...
Malware Analysis – djvu – af5aa9bc773c7828ac30cdc423ccb974
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: af5aa9bc773c7828ac30cdc423ccb974SHA1: 11deebd500cbe542d145bd3b5b188a9911f3eaabANALYSIS DATE: 2023-01-06T23:00:32ZTTPS: T1060, T1112, T1082, T1005,...
Posh C2 Detected – 44[.]192[.]81[.]16:443
The Information provided at the time of posting was detected as "Posh C2". Depending on when you are viewing this...
Villain – Windows And Linux Backdoor Generator And Multi-Session Handler That Allows Users To Connect With Sibling Servers And Share Their Backdoor Sessions
Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other...
ExchangeFinder – Find Microsoft Exchange Instance For A Given Domain And Identify The Exact Version
ExchangeFinder is a simple and open-source tool that tries to find Micrsoft Exchange instance for a given domain based on...
DotDumper – An Automatic Unpacker And Logger For DotNet Framework Targeting Files
An automatic unpacker and logger for DotNet Framework targeting files! This tool has been unveiled at Black Hat USA 2022....
Malware Analysis – smokeloader – 95432e26e7c83698ae92fd7f4d2b9222
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 95432e26e7c83698ae92fd7f4d2b9222SHA1: a67787768b020628afda97d86381c37fc4dc4806ANALYSIS DATE: 2023-01-06T15:46:08ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – sodinokibi – 5f58902825d15d59528f98faf43b86c3
Score: 10 MALWARE FAMILY: sodinokibiTAGS:family:sodinokibi, botnet:$2a$10$d/hor8pzftxyevodyrecsebolxf2dclmqmqjta4y2usfgkhezxq62, campaign:4430, ransomwareMD5: 5f58902825d15d59528f98faf43b86c3SHA1: f09e5e72b433d11a32efe2e5d63db0bc7b8def59ANALYSIS DATE: 2023-01-06T15:34:10ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...
Malware Analysis – djvu – 93c0547134939574209bab5e292eaeed
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, stealerMD5: 93c0547134939574209bab5e292eaeedSHA1: 8c0deaa8439563a4abae05fc5c00f1802aed55a5ANALYSIS DATE: 2023-01-06T15:26:03ZTTPS: T1053, T1130, T1112, T1060, T1222,...
Royal Ransomware Victim: LEK / HABO
RoyalRansomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the...
Malware Analysis – persistence – f05f09f300d490e67a9cd0b9022fae09
Score: 10 MALWARE FAMILY: persistenceTAGS:persistence, ransomwareMD5: f05f09f300d490e67a9cd0b9022fae09SHA1: 22f498684dcec3fd39d046322b016554124aa266ANALYSIS DATE: 2023-01-06T16:33:50ZTTPS: T1012, T1120, T1082, T1060, T1130, T1112 ScoreMeaningExample10Known badA malware family...
Malware Analysis – amadey – 0d8206f8fbd4cad4c14fbc48e1ecec79
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:smokeloader, family:vidar, botnet:19, backdoor, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: 0d8206f8fbd4cad4c14fbc48e1ecec79SHA1: 446cf441f1280e16a10a6a7cc48e59aec15d98b3ANALYSIS DATE:...
Malware Analysis – djvu – 90968ea53198c599194304983a2c872e
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, stealerMD5: 90968ea53198c599194304983a2c872eSHA1: 1ca1702e09f31bb8595be784a05f4d492eb73aafANALYSIS DATE: 2023-01-06T16:16:04ZTTPS: T1130, T1112, T1060, T1222, T1082,...
Malware Analysis – amadey – dfca7a657c978b69e88320208730b439
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:smokeloader, family:vidar, botnet:19, backdoor, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: dfca7a657c978b69e88320208730b439SHA1: bc815f3ddd98e327204ef3a0664b6ba00423220eANALYSIS DATE:...
HIVE Ransomware Victim: Consulate Health Care
HIVE Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of...
