Cobalt Stike Beacon Detected – 43[.]143[.]81[.]59:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
OSINT
Cobalt Stike Beacon Detected – 39[.]107[.]105[.]128:2087
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – xorist – 5e9b5b1d952c74996c7f12dba611f205
Score: 10 MALWARE FAMILY: xoristTAGS:family:xorist, persistence, ransomware, spyware, stealer, upxMD5: 5e9b5b1d952c74996c7f12dba611f205SHA1: 10458ae6b4a18d93301099f66c7560d2e2fb2d4bANALYSIS DATE: 2022-12-06T00:47:19ZTTPS: T1060, T1112, T1005, T1081 ScoreMeaningExample10Known badA...
Cobalt Stike Beacon Detected – 43[.]130[.]228[.]116:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 54[.]163[.]195[.]148:8001
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 134[.]19[.]178[.]213:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 20[.]90[.]90[.]172:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – dcrat – 545edb09eef6849f6c2b3f87b3dfc5d3
Score: 10 MALWARE FAMILY: dcratTAGS:family:dcrat, family:djvu, family:redline, family:vidar, botnet:517, botnet:mario23_10, bootkit, collection, discovery, infostealer, persistence, ransomware, rat, spyware, stealerMD5: 545edb09eef6849f6c2b3f87b3dfc5d3SHA1:...
Malware Analysis – djvu – 3e132606c5205c1200f61a3dd211c794
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 3e132606c5205c1200f61a3dd211c794SHA1: 00ef28583d621983254fb0285fcd1084e0d4d030ANALYSIS DATE: 2022-12-10T09:47:23ZTTPS: T1060, T1112, T1222, T1012,...
Cobalt Stike Beacon Detected – 179[.]43[.]154[.]154:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – dcrat – 2c6e6e290972fcd5e556efccfd51f174
Score: 10 MALWARE FAMILY: dcratTAGS:family:dcrat, family:djvu, family:raccoon, family:redline, family:smokeloader, family:vidar, botnet:517, botnet:ec7a54fb6492ff3a52d09504b8ecf082, botnet:mario23_10, backdoor, bootkit, collection, discovery, infostealer, persistence, ransomware,...
Malware Analysis – dcrat – 5eb828dff6222ddbe9a3ee89ccf031c5
Score: 10 MALWARE FAMILY: dcratTAGS:family:dcrat, family:djvu, family:redline, family:smokeloader, family:vidar, botnet:517, botnet:mario23_10, backdoor, bootkit, collection, discovery, infostealer, persistence, ransomware, rat, spyware,...
Daily Vulnerability Trends: Sat Dec 10 2022
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2022-41717An attacker can cause excessive memory growth in a Go server accepting...
How to train your Ghidra
Getting started with Ghidra For about two decades, being a reverse engineer meant that you had to master the ultimate...
DeathStalker targets legal entities with new Janicab variant
Just to clarify, the above subheading isn’t a normal quote, but a message that Janicab malware attempted to decode in...
Malware Analysis – dcrat – 73a5d127eaaf6fb828f619ef256968e0
Score: 10 MALWARE FAMILY: dcratTAGS:family:dcrat, family:djvu, family:redline, family:smokeloader, family:vidar, botnet:517, botnet:mario23_10, backdoor, bootkit, collection, discovery, infostealer, persistence, ransomware, rat, spyware,...
Malware Analysis – – 0957d09f815e2260860bdd9d5dda1381
Score: 3 MALWARE FAMILY: TAGS:MD5: 0957d09f815e2260860bdd9d5dda1381SHA1: ec885100590e960007c45fb0fdd3f82a5aa8fa8bANALYSIS DATE: 2022-12-05T18:58:08ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...
Malware Analysis – smokeloader – 62d2eee763f97a3ee7eedd9c44d4ae06
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 62d2eee763f97a3ee7eedd9c44d4ae06SHA1: 809809a585c0275ab3a5620b974b1ca75acec2d6ANALYSIS DATE: 2022-12-10T04:45:05ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – djvu – a398399a3cf53c16d8d9eb535174c4ae
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: a398399a3cf53c16d8d9eb535174c4aeSHA1: 8696d4b0a585d6ac07068a7a4e83daffecf73b30ANALYSIS DATE: 2022-12-10T04:00:33ZTTPS: T1222, T1060, T1112, T1005,...
Malware Analysis – ransomware – 355b1f0ecc6f21d424d290fd1cf8f9c4
Score: 5 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 355b1f0ecc6f21d424d290fd1cf8f9c4SHA1: d8e77cff676472549fc632dd95a984f574c5d2c3ANALYSIS DATE: 2022-12-10T05:40:07ZTTPS: T1491, T1112 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...
Malware Analysis – ransomware – 2174e0b00c34d4341a684eed4878368a
Score: 5 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 2174e0b00c34d4341a684eed4878368aSHA1: fcead4a3af7f6018692f947f3d8f93caf048cc67ANALYSIS DATE: 2022-12-10T05:40:07ZTTPS: T1491, T1112 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...
Malware Analysis – evasion – 5db22ff59ff6dc30ed8ae5133954f6bd
Score: 10 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 5db22ff59ff6dc30ed8ae5133954f6bdSHA1: f8a218eddd1c53390aa71c967eb842f4fe8e5054ANALYSIS DATE: 2022-12-10T05:23:04ZTTPS: T1031 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...
Malware Analysis – dcrat – a53e90033448a8156937bb17eddfc43b
Score: 10 MALWARE FAMILY: dcratTAGS:family:dcrat, family:djvu, family:redline, family:vidar, botnet:517, botnet:mario23_10, bootkit, collection, discovery, infostealer, persistence, ransomware, rat, spyware, stealerMD5: a53e90033448a8156937bb17eddfc43bSHA1:...
Cobalt Stike Beacon Detected – 162[.]14[.]83[.]232:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
