OSINT

Malware Analysis – evasion – 0cbe1902f52443edfee4e72a42f18514

January 10, 2023

Score: 7 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 0cbe1902f52443edfee4e72a42f18514SHA1: a52908360308b367ea0eb5628045453723cc8a1fANALYSIS DATE: 2023-01-10T15:43:42ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – djvu – 4b1df5dec5ccce753ef98c988f97e066

January 10, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 4b1df5dec5ccce753ef98c988f97e066SHA1: 8aab3d3e48a21a6570f3b00b77b7fe5a73b2c0ebANALYSIS DATE: 2023-01-10T15:40:42ZTTPS: T1012, T1082, T1053, T1005,...

Malware Analysis – discovery – b8d382c628ffa7269a7b0e5491dc7747

January 10, 2023

Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, persistence, ransomwareMD5: b8d382c628ffa7269a7b0e5491dc7747SHA1: 4982678f5314995a82d5865a9a024b0eaab94968ANALYSIS DATE: 2023-01-10T15:47:02ZTTPS: T1082, T1060, T1012 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – evasion – 6f589fff14eee89414f85db1c9645bc2

January 10, 2023

Score: 7 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 6f589fff14eee89414f85db1c9645bc2SHA1: 89ac66fa8603039a71a0db9949b87e98df9d9e0cANALYSIS DATE: 2023-01-10T16:04:03ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – discovery – ec8284a8af78a184d3b3a8248bde7fb9

January 10, 2023

Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, ransomwareMD5: ec8284a8af78a184d3b3a8248bde7fb9SHA1: 982e3e1788426ee1a22eaaa97b9f843468b48fd5ANALYSIS DATE: 2023-01-10T16:19:29ZTTPS: T1012, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...

Malware Analysis – evasion – d3c434ebded1f388346f59b2095fda9d

January 10, 2023

Score: 7 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: d3c434ebded1f388346f59b2095fda9dSHA1: cd1729ccc527be0ddcfe775559010231ab13cb50ANALYSIS DATE: 2023-01-10T16:12:02ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – djvu – 226c4d76864ef44497cd415d72a8b5b4

January 10, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 226c4d76864ef44497cd415d72a8b5b4SHA1: 2e968a4ea6b40e0461b955662b120041dcfb295cANALYSIS DATE: 2023-01-10T16:31:20ZTTPS: T1060, T1112, T1005, T1081,...

Malware Analysis – aurora – 7e804426447118137a1febc094e22d25

January 10, 2023

Score: 10 MALWARE FAMILY: auroraTAGS:family:aurora, family:dcrat, family:djvu, family:icedid, family:smokeloader, family:vidar, botnet:19, campaign:3131022508, backdoor, banker, discovery, infostealer, persistence, ransomware, rat, spyware,...

YATAS – A Simple Tool To Audit Your AWS Infrastructure For Misconfiguration Or Potential Security Issues With Plugins Integration

January 10, 2023

Yet Another Testing & Auditing Solution The goal of YATAS is to help you create a secure AWS environment without...

18d3e271def56833eb9bf559df1384e216bd64460688d7851f95a555966d0307

TerraLdr – A Payload Loader Designed With Advanced Evasion Features

January 10, 2023

TerraLdr: A Payload Loader Designed With Advanced Evasion Features Details: no crt functions imported syscall unhooking using KnownDllUnhook api hashing...

Using MSPs to administer your cloud services

January 10, 2023

Using MSPs to administer your cloud services Any conversation about securing cloud services will swiftly turn towards the cloud shared...

Daily Vulnerability Trends: Tue Jan 10 2023

January 10, 2023

Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2022-41082Microsoft Exchange Server Remote Code Execution Vulnerability.CVE-2022-27666A heap buffer overflow flaw was...

Malware Analysis – smokeloader – 2efacf2c68013a4fb5cdf8783306df0b

January 10, 2023

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 2efacf2c68013a4fb5cdf8783306df0bSHA1: c84baadfd99d7d64ff8df25849c67be71ce0fc82ANALYSIS DATE: 2023-01-10T03:10:55ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – aurora – b9a1dcbf263cf5f0e36856c9b198a606

January 10, 2023

Score: 10 MALWARE FAMILY: auroraTAGS:family:aurora, family:dcrat, family:djvu, family:icedid, family:redline, family:smokeloader, family:vidar, botnet:19, botnet:@2023@new, campaign:3131022508, backdoor, banker, discovery, infostealer, persistence, ransomware,...

Malware Analysis – djvu – 3028c71d9207be63be223889aa8a88ff

January 10, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 3028c71d9207be63be223889aa8a88ffSHA1: c2a29df6ce78b4d55e504dbf232e36af4bdae49aANALYSIS DATE: 2023-01-10T03:33:26ZTTPS: T1053, T1012, T1082, T1005,...

Malware Analysis – djvu – dfa606df6650fa08f70c4ab17aa58e0b

January 10, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: dfa606df6650fa08f70c4ab17aa58e0bSHA1: b3f22c9ab2bfb620727561596241aece5c62ed64ANALYSIS DATE: 2023-01-10T05:35:05ZTTPS: T1060, T1112, T1082, T1053,...

OSINT

Malware Analysis – evasion – 0cbe1902f52443edfee4e72a42f18514

Malware Analysis – djvu – 4b1df5dec5ccce753ef98c988f97e066

Malware Analysis – discovery – b8d382c628ffa7269a7b0e5491dc7747

Malware Analysis – evasion – 6f589fff14eee89414f85db1c9645bc2

Malware Analysis – discovery – ec8284a8af78a184d3b3a8248bde7fb9

Malware Analysis – evasion – d3c434ebded1f388346f59b2095fda9d

Malware Analysis – djvu – 226c4d76864ef44497cd415d72a8b5b4

Malware Analysis – aurora – 7e804426447118137a1febc094e22d25

YATAS – A Simple Tool To Audit Your AWS Infrastructure For Misconfiguration Or Potential Security Issues With Plugins Integration

TerraLdr – A Payload Loader Designed With Advanced Evasion Features

Using MSPs to administer your cloud services

Daily Vulnerability Trends: Tue Jan 10 2023

Malware Analysis – smokeloader – 2efacf2c68013a4fb5cdf8783306df0b

Malware Analysis – aurora – b9a1dcbf263cf5f0e36856c9b198a606

Malware Analysis – djvu – 3028c71d9207be63be223889aa8a88ff

Malware Analysis – djvu – dfa606df6650fa08f70c4ab17aa58e0b

Malware Analysis – aurora – 6ce1e8a07ad32a3b3c75ecb9e815f9b6

Cobalt Stike Beacon Detected – 43[.]138[.]66[.]190:2000

Cobalt Stike Beacon Detected – 5[.]254[.]66[.]113:80

Cobalt Stike Beacon Detected – 81[.]70[.]11[.]25:7443

Cobalt Stike Beacon Detected – 84[.]32[.]128[.]43:8443

Cobalt Stike Beacon Detected – 172[.]247[.]32[.]228:443

Karakurt Ransomware Victim: River City Science Academy

Winnti APT group docks in Sri Lanka for new campaign

Cobalt Strike Beacon Detected – 121[.]43[.]37[.]134:4434

Cobalt Strike Beacon Detected – 119[.]29[.]231[.]118:443

Cobalt Strike Beacon Detected – 39[.]101[.]74[.]162:443

Cobalt Strike Beacon Detected – 8[.]218[.]112[.]112:8880

Cobalt Strike Beacon Detected – 47[.]109[.]48[.]57:443

You may have missed