The Week in Ransomware – January 13th 2023 – LockBit in the spotlight
The LockBit ransomware operation has again taken center stage in the ransomware news, as we learned yesterday they were behind...
OSINT
Vice Society ransomware claims attack on Australian firefighting service
Australia's Fire Rescue Victoria has disclosed a data breach caused by a December cyberattack that is now claimed by the...
Royal Mail halts international services after cyberattack
The Royal Mail, UK's leading mail delivery service, has stopped its international shipping services due to "severe service disruption" caused...
European police takes down call centers behind cryptocurrency scams
Multiple call centers across Europe controlled by a criminal organization involved in online investment fraud were taken down this week...
MetaMask warns of new ‘Address Poisoning’ cryptocurrency scam
Cryptocurrency wallet provider MetaMask is warning users of a new scam called 'Address Poisoning' used to trick users into sending...
RAT malware campaign tries to evade detection using polyglot files
Operators of the StrRAT and Ratty remote access trojans (RAT) are running a new campaign using polyglot MSI/JAR and CAB/JAR...
Scattered Spider hackers use old Intel driver to bypass security
A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a...
Cisco warns of auth bypass bug with public exploit in EoL routers
Cisco warned customers today of a critical authentication bypass vulnerability with public exploit code affecting multiple end-of-life (EoL) VPN routers....
Royal Mail cyberattack linked to LockBit ransomware operation
A cyberattack on Royal Mail, UK's largest mail delivery service, has been linked to the LockBit ransomware operation. Yesterday, the...
PoC exploits released for critical bugs in popular WordPress plugins
Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities,...
Threema claims encryption flaws never had a real-world impact
A team of researchers from ETH Zurich has published a paper describing multiple security flaws in Threema, a secure end-to-end...
Twitter claims leaked data of 200M users not stolen from its systems
Twitter finally addressed reports that a dataset of email addresses linked to hundreds of millions of Twitter users was leaked...
Android TV box on Amazon came pre-installed with malware
A Canadian systems security consultant discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware...
Gootkit malware abuses VLC to infect healthcare orgs with Cobalt Strike
The Gootkit loader malware operators are running a new SEO poisoning campaign that abuses VLC Media Player to infect Australian...
Hackers exploit Control Web Panel flaw to open reverse shells
Hackers are actively exploiting a critical vulnerability patched recently in Control Web Panel (CWP), a tool for managing servers formerly...
Ransomware in November 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their...
Winnti APT group docks in Sri Lanka for new campaign
In early August, the Malwarebytes Threat Intelligence team identified a new attack targeting government entities in Sri Lanka. The threat...
Cobalt Stike Beacon Detected – 24[.]199[.]125[.]39:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 124[.]222[.]73[.]187:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 106[.]13[.]1[.]223:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 103[.]27[.]62[.]175:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 179[.]43[.]187[.]24:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 45[.]77[.]44[.]118:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – evasion – 4f774b19f651b067f18d07509c0c938d
Score: 7 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 4f774b19f651b067f18d07509c0c938dSHA1: 4fc969b01a148d8fcc9d18349f84840ae4b2d69bANALYSIS DATE: 2023-01-13T20:58:46ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...
