PoC exploits released for critical bugs in popular WordPress plugins
Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities,...
OSINT
New Dark Pink APT group targets govt and military with custom malware
Attacks targeting government agencies and military bodies in multiple countries in the APAC region have been attributed to what appears...
NortonLifeLock warns that hackers breached Password Manager accounts
Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully...
Fortinet: Govt networks targeted with now-patched SSL-VPN zero-day
Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related...
Threema claims encryption flaws never had a real-world impact
A team of researchers from ETH Zurich has published a paper describing multiple security flaws in Threema, a secure end-to-end...
Twitter claims leaked data of 200M users not stolen from its systems
Twitter finally addressed reports that a dataset of email addresses linked to hundreds of millions of Twitter users was leaked...
Android TV box on Amazon came pre-installed with malware
A Canadian systems security consultant discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware...
Gootkit malware abuses VLC to infect healthcare orgs with Cobalt Strike
The Gootkit loader malware operators are running a new SEO poisoning campaign that abuses VLC Media Player to infect Australian...
Hackers exploit Control Web Panel flaw to open reverse shells
Hackers are actively exploiting a critical vulnerability patched recently in Control Web Panel (CWP), a tool for managing servers formerly...
Ransomware in November 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their...
Winnti APT group docks in Sri Lanka for new campaign
In early August, the Malwarebytes Threat Intelligence team identified a new attack targeting government entities in Sri Lanka. The threat...
Cobalt Stike Beacon Detected – 24[.]199[.]125[.]39:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 124[.]222[.]73[.]187:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 45[.]77[.]44[.]118:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 106[.]13[.]1[.]223:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 103[.]27[.]62[.]175:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 179[.]43[.]187[.]24:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – evasion – 4f774b19f651b067f18d07509c0c938d
Score: 7 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 4f774b19f651b067f18d07509c0c938dSHA1: 4fc969b01a148d8fcc9d18349f84840ae4b2d69bANALYSIS DATE: 2023-01-13T20:58:46ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...
Malware Analysis – djvu – 3dcf9fdd2fd95e1d56d8a5dc010130d6
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 3dcf9fdd2fd95e1d56d8a5dc010130d6SHA1: 698761ced0b29ce6c67734368731ab8281124727ANALYSIS DATE: 2023-01-13T23:53:00ZTTPS: T1222, T1012, T1082, T1005,...
Malware Analysis – – 3b01de02b4a717539c44af9b388cf730
Score: 7 MALWARE FAMILY: TAGS:MD5: 3b01de02b4a717539c44af9b388cf730SHA1: e835e5bda10c4af40b07bdc8e0be8ba31d09a1caANALYSIS DATE: 2023-01-13T22:05:02ZTTPS: T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...
Malware Analysis – djvu – 0563eaa2a29f70a215875bd221d578f1
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 0563eaa2a29f70a215875bd221d578f1SHA1: 26aa7dfb6c3d060e85669a3aaf6c423940312481ANALYSIS DATE: 2023-01-13T22:17:18ZTTPS: T1060, T1112, T1012, T1082,...
Malware Analysis – djvu – a3b16d93ce7b3facd97125fb30337366
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, family:vidar, botnet:19, backdoor, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: a3b16d93ce7b3facd97125fb30337366SHA1: 67ef3d916b09d6efe05584e76dade7b9a0764a09ANALYSIS DATE: 2023-01-13T22:41:28ZTTPS:...
Malware Analysis – discovery – d60f20003600b70defb72215417aadee
Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, evasion, persistence, ransomwareMD5: d60f20003600b70defb72215417aadeeSHA1: b89035349ad4894e1837b81e3e826ca4572f4f88ANALYSIS DATE: 2023-01-13T15:37:51ZTTPS: T1012, T1497, T1060, T1112, T1120, T1082, T1130 ScoreMeaningExample10Known...
Malware Analysis – vidar – 1272913903f006257782576e54bc42f1
Score: 10 MALWARE FAMILY: vidarTAGS:family:vidar, botnet:1375, discovery, persistence, ransomware, stealerMD5: 1272913903f006257782576e54bc42f1SHA1: 2f0de1263f81ed61aed30911322ef0d8afeac200ANALYSIS DATE: 2023-01-13T15:22:43ZTTPS: T1012, T1082, T1112, T1042, T1060 ScoreMeaningExample10Known...
