OSINT

Malware Analysis – djvu – 4d50334081024a62178c18193ad7640a

January 4, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 4d50334081024a62178c18193ad7640aSHA1: 89f06b69f0acf9f1e625c5097b82b74c20030c8bANALYSIS DATE: 2023-01-04T03:04:12ZTTPS: T1005, T1081, T1012, T1082,...

Malware Analysis – meow – 80637ef09441d910ae7bdda488eb9989

January 4, 2023

Score: 10 MALWARE FAMILY: meowTAGS:family:meow, ransomware, spyware, stealerMD5: 80637ef09441d910ae7bdda488eb9989SHA1: 638e3ca8c66e218a3bdc666d52c2a91a116b60d7ANALYSIS DATE: 2023-01-04T03:36:27ZTTPS: T1005, T1081 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – evasion – cebed8210feb0d37479d62199049e0ba

January 4, 2023

Score: 7 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: cebed8210feb0d37479d62199049e0baSHA1: eec586742f917b65c73d2f99c11dd65072c4f298ANALYSIS DATE: 2023-01-04T03:41:58ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – ransomware – 4b95b42cac7a11602b26caa41574d764

January 4, 2023

Score: 8 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: 4b95b42cac7a11602b26caa41574d764SHA1: f64b7f29ecf8516d9d55bca8443f33d041b2b16aANALYSIS DATE: 2023-01-04T03:28:40ZTTPS: T1005, T1081 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...

Malware Analysis – amadey – 03a2ae7e3d0fabcf4858e10a822d9a99

January 4, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:dcrat, family:djvu, family:smokeloader, family:vidar, botnet:19, backdoor, collection, discovery, infostealer, persistence, ransomware, rat, spyware, stealer, trojan,...

Malware Analysis – djvu – 2fd0cc05f8b64718dc4d894e14a0e8d1

January 4, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 2fd0cc05f8b64718dc4d894e14a0e8d1SHA1: c9fae77309397f25dfdb9bf3b3515494f061b8ecANALYSIS DATE: 2023-01-04T04:37:04ZTTPS: T1222, T1053, T1005, T1081,...

Malware Analysis – djvu – 54e06155a4b0a099b9fe1ddc9f209329

January 4, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 54e06155a4b0a099b9fe1ddc9f209329SHA1: 48b0ad39a74137e45a0d93cc5b339847b88d971cANALYSIS DATE: 2023-01-04T05:50:25ZTTPS: T1060, T1112, T1053, T1222,...

Malware Analysis – evasion – 0c5cbe64b5cc615c77b6d2676300495e

January 4, 2023

Score: 7 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 0c5cbe64b5cc615c77b6d2676300495eSHA1: 58aef51084d93563d9b4081c1b51acdb7745e931ANALYSIS DATE: 2023-01-04T04:19:32ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – djvu – 943d8bacdfa116ec3a2e87fe7c8d8e63

January 4, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 943d8bacdfa116ec3a2e87fe7c8d8e63SHA1: 6fa3d75154f39ffed44291a9f1d6b12760cb5454ANALYSIS DATE: 2023-01-04T05:32:12ZTTPS: T1012, T1082, T1005, T1081,...

Synology fixes maximum severity vulnerability in VPN routers

January 4, 2023

Taiwan-based NAS maker Synology has addressed a maximum (10/10) severity vulnerability affecting routers configured to run as VPN servers. The...

Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks

January 4, 2023

More than 60,000 Microsoft Exchange servers exposed online are yet to be patched against the CVE-2022-41082 remote code execution (RCE)...

Ransomware impacts over 200 govt, edu, healthcare orgs in 2022

January 4, 2023

Ransomware attacks in 2022 impacted more than 200 hundred larger organizations in the U.S. public sector in the government, educational,...

Poland warns of attacks by Russia-linked Ghostwriter hacking group

January 4, 2023

The Polish government is warning of a spike in cyberattacks from Russia-linked hackers, including the state-sponsored hacking group known as...

Ongoing Flipper Zero phishing attacks target infosec community

January 4, 2023

A new phishing campaign is exploiting the increasing interest of security community members towards Flipper Zero to steal their personal...

Royal ransomware claims attack on Queensland University of Technology

January 4, 2023

The Royal ransomware gang has claimed responsibility for a recent cyberattack on the Queensland University of Technology and begun to...

Rail giant Wabtec discloses data breach after Lockbit ransomware attack

January 4, 2023

U.S. rail and locomotive company Wabtec Corporation has disclosed a data breach that exposed personal and sensitive information. Wabtec is...

BitRAT malware campaign uses stolen bank data for phishing

January 4, 2023

Threat actors behind a recent malware campaign have been using the stolen information of bank customers in Colombia as lures...

BleepingComputer’s most popular cybersecurity stories of 2022

January 4, 2023

It was a big year for cybersecurity in 2022 with massive cyberattacks and data breaches, innovative phishing attacks, privacy concerns,...

PXEThief – Set Of Tooling That Can Extract Passwords From The Operating System Deployment Functionality In Microsoft Endpoint Configuration Manager

January 3, 2023

PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk Pulling Passwords out...

Malware Analysis – ransomware – a41afe748aed818ab6ac94e81bdde610

January 3, 2023

Score: 10 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: a41afe748aed818ab6ac94e81bdde610SHA1: 9468012acf6df7a0e593f41e0da8123f541277dfANALYSIS DATE: 2023-01-03T15:28:36ZTTPS: T1107, T1490 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...

Malware Analysis – evasion – f714964febf0482d0781116faf95c797

January 3, 2023

Score: 8 MALWARE FAMILY: evasionTAGS:evasion, ransomware, upxMD5: f714964febf0482d0781116faf95c797SHA1: 41a1ab64d4ac85618a2241581b8c5c9b98691577ANALYSIS DATE: 2023-01-03T15:07:20ZTTPS: T1082, T1012, T1120, T1158 ScoreMeaningExample10Known badA malware family was...

Malware Analysis – discovery – f3257310b37b572a371c05dd0bb419ef

January 3, 2023

Score: 8 MALWARE FAMILY: discoveryTAGS:discovery, exploit, persistenceMD5: f3257310b37b572a371c05dd0bb419efSHA1: 6c9354a3bb7246af254f00b4adb01b556adc1e8eANALYSIS DATE: 2023-01-03T15:00:01ZTTPS: T1050, T1012, T1060, T1222, T1082 ScoreMeaningExample10Known badA malware family...

Malware Analysis – djvu – ca36f7252b0fc1f54c7d1f4c554f4e83

January 3, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: ca36f7252b0fc1f54c7d1f4c554f4e83SHA1: d42db97d04c519fac40d4a641eea0f868375d32bANALYSIS DATE: 2023-01-03T17:04:47ZTTPS: T1053, T1012, T1060, T1112,...

Malware Analysis – djvu – 42cd30f9e9cb1715d3b9e2f38617f9de

January 3, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 42cd30f9e9cb1715d3b9e2f38617f9deSHA1: a765a8172e191f1a6d243a1a4b6dfdedc2e179f7ANALYSIS DATE: 2023-01-03T16:32:51ZTTPS: T1005, T1081, T1060, T1112,...

OSINT

Malware Analysis – djvu – 4d50334081024a62178c18193ad7640a

Malware Analysis – meow – 80637ef09441d910ae7bdda488eb9989

Malware Analysis – evasion – cebed8210feb0d37479d62199049e0ba

Malware Analysis – ransomware – 4b95b42cac7a11602b26caa41574d764

Malware Analysis – amadey – 03a2ae7e3d0fabcf4858e10a822d9a99

Malware Analysis – djvu – 2fd0cc05f8b64718dc4d894e14a0e8d1

Malware Analysis – djvu – 54e06155a4b0a099b9fe1ddc9f209329

Malware Analysis – evasion – 0c5cbe64b5cc615c77b6d2676300495e

Malware Analysis – djvu – 943d8bacdfa116ec3a2e87fe7c8d8e63

Synology fixes maximum severity vulnerability in VPN routers

Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks

Ransomware impacts over 200 govt, edu, healthcare orgs in 2022

Poland warns of attacks by Russia-linked Ghostwriter hacking group

Ongoing Flipper Zero phishing attacks target infosec community

Royal ransomware claims attack on Queensland University of Technology

Rail giant Wabtec discloses data breach after Lockbit ransomware attack

BitRAT malware campaign uses stolen bank data for phishing

BleepingComputer’s most popular cybersecurity stories of 2022

PXEThief – Set Of Tooling That Can Extract Passwords From The Operating System Deployment Functionality In Microsoft Endpoint Configuration Manager

Malware Analysis – ransomware – a41afe748aed818ab6ac94e81bdde610

Malware Analysis – evasion – f714964febf0482d0781116faf95c797

Malware Analysis – discovery – f3257310b37b572a371c05dd0bb419ef

Malware Analysis – djvu – ca36f7252b0fc1f54c7d1f4c554f4e83

Malware Analysis – djvu – 42cd30f9e9cb1715d3b9e2f38617f9de

[AKIRA] – Ransomware Victim: Seppeler Gruppe

[AKIRA] – Ransomware Victim: Access Financial

[LYNX] – Ransomware Victim: Inflite Engineering Services

[SARCOMA] – Ransomware Victim: Machu Picchu Foods

[WORLDLEAKS] – Ransomware Victim: Myrtue Medical Center Hospital

You may have missed