OSINT

Daily Vulnerability Trends: Sun Jan 01 2023

January 1, 2023

Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2022-48196Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated...

Malware Analysis – djvu – c32f1f18730491571309a796b9f38f46

January 1, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: c32f1f18730491571309a796b9f38f46SHA1: 2594f24d355cf087d0a69ed603293c202403acf2ANALYSIS DATE: 2022-12-31T21:01:23ZTTPS: T1005, T1081, T1060, T1112,...

Malware Analysis – amadey – 875a57a33e01873ee9c566882252f2f9

January 1, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:dcrat, family:djvu, family:lgoogloader, family:smokeloader, family:vidar, botnet:19, backdoor, collection, discovery, downloader, infostealer, persistence, ransomware, rat, spyware,...

Malware Analysis – djvu – 49cbd9d2518f657fff793edb6e69aa34

January 1, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 49cbd9d2518f657fff793edb6e69aa34SHA1: 5811fa647ad74bc7162eec0de91cbb989bd30abfANALYSIS DATE: 2022-12-31T22:32:05ZTTPS: T1012, T1082, T1222, T1005,...

Malware Analysis – amadey – e9de3e39d8e212cd00a606f8e5b0f986

January 1, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:lgoogloader, family:smokeloader, family:vidar, botnet:19, backdoor, discovery, downloader, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: e9de3e39d8e212cd00a606f8e5b0f986SHA1:...

Malware Analysis – djvu – cdc85b918fbbb00351af10de34cc606a

January 1, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: cdc85b918fbbb00351af10de34cc606aSHA1: e11c47a9601aa3deef7baaceded201e90b90f2afANALYSIS DATE: 2022-12-31T22:21:19ZTTPS: T1005, T1081, T1082, T1053,...

Malware Analysis – discovery – 30cbb7176e5eff6db09b9ac58e2d0087

January 1, 2023

Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, ransomwareMD5: 30cbb7176e5eff6db09b9ac58e2d0087SHA1: 383b8b1f5517c856df40eee799ab19689e7bbbbdANALYSIS DATE: 2022-12-31T22:42:09ZTTPS: T1130, T1112, T1012, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Cobalt Stike Beacon Detected – 120[.]40[.]7[.]23:8999

January 1, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 121[.]127[.]233[.]205:443

January 1, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 49[.]4[.]88[.]243:82

January 1, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – discovery – 3a02deed11f7ff4dbc1188d201ad164a

January 1, 2023

Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, persistence, ransomwareMD5: 3a02deed11f7ff4dbc1188d201ad164aSHA1: 5c935f5c25c2975ef384878bb094567fb19519c9ANALYSIS DATE: 2022-12-31T23:29:57ZTTPS: T1060, T1012, T1082, T1120, T1112 ScoreMeaningExample10Known badA malware family...

Malware Analysis – amadey – 43fec7a0e3948a78bedf6cf27e9bf538

January 1, 2023

Malware Analysis – amadey – 01c5089df96b9c8da162b9a83c5056a8

January 1, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:lgoogloader, family:smokeloader, family:vidar, botnet:19, backdoor, collection, discovery, downloader, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5:...

Malware Analysis – evasion – 7237bb5c2bcc4b19e8f574b3d9525df7

January 1, 2023

Score: 6 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 7237bb5c2bcc4b19e8f574b3d9525df7SHA1: 80e73da87d2c5f19a2c6c7ba0140520bb345acc3ANALYSIS DATE: 2022-12-31T22:47:53ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Posh C2 Detected – 52[.]62[.]27[.]203:4443

January 1, 2023

The Information provided at the time of posting was detected as "Posh C2". Depending on when you are viewing this...

LockBit ransomware claims attack on Port of Lisbon in Portugal

December 31, 2022

An cyberattack hitting the Port of Lisbon Administration (APL), the third-largest port in Portugal, on Christmas day has been claimed...

New Linux malware uses 30 plugin exploits to backdoor WordPress sites

December 31, 2022

A previously unknown Linux malware has been exploiting 30 vulnerabilities in multiple outdated WordPress plugins and themes to inject malicious JavaScript. According to...

Canadian mining firm shuts down mill after ransomware attack

December 31, 2022

The Canadian Copper Mountain Mining Corporation (CMMC) in British Columbia has announced that it was the target of a ransomware attack...

LockBit 3.0 Ransomware Victim: sickkids[.]ca

December 31, 2022

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

LockBit 3.0 Ransomware Victim: hacla[.]org

December 31, 2022

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

Malware Analysis – discovery – 247a35851fdee53a1696715d67bd0905

December 31, 2022

Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, evasion, exploit, persistence, trojanMD5: 247a35851fdee53a1696715d67bd0905SHA1: d2e86020e1d48e527e81e550f06c651328bd58a4ANALYSIS DATE: 2022-12-31T14:59:41ZTTPS: T1082, T1112, T1042, T1088, T1089, T1222, T1004,...

Malware Analysis – amadey – caea0d7d729cd98183ab8f89d159ed96

December 31, 2022

Royal Ransomware Victim: QUT

December 31, 2022

RoyalRansomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the...

Malware Analysis – smokeloader – 124b03b3d75478abea2f458fee60959d

December 31, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 124b03b3d75478abea2f458fee60959dSHA1: 904c8a2dd40b96e58ff1cec864a2a210aa48c887ANALYSIS DATE: 2022-12-31T15:42:09ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

OSINT

Daily Vulnerability Trends: Sun Jan 01 2023

Malware Analysis – djvu – c32f1f18730491571309a796b9f38f46

Malware Analysis – amadey – 875a57a33e01873ee9c566882252f2f9

Malware Analysis – djvu – 49cbd9d2518f657fff793edb6e69aa34

Malware Analysis – amadey – e9de3e39d8e212cd00a606f8e5b0f986

Malware Analysis – djvu – cdc85b918fbbb00351af10de34cc606a

Malware Analysis – discovery – 30cbb7176e5eff6db09b9ac58e2d0087

Cobalt Stike Beacon Detected – 120[.]40[.]7[.]23:8999

Cobalt Stike Beacon Detected – 121[.]127[.]233[.]205:443

Cobalt Stike Beacon Detected – 49[.]4[.]88[.]243:82

Malware Analysis – discovery – 3a02deed11f7ff4dbc1188d201ad164a

Malware Analysis – amadey – 43fec7a0e3948a78bedf6cf27e9bf538

Malware Analysis – amadey – 01c5089df96b9c8da162b9a83c5056a8

Malware Analysis – evasion – 7237bb5c2bcc4b19e8f574b3d9525df7

Posh C2 Detected – 52[.]62[.]27[.]203:4443

LockBit ransomware claims attack on Port of Lisbon in Portugal

New Linux malware uses 30 plugin exploits to backdoor WordPress sites

Canadian mining firm shuts down mill after ransomware attack

LockBit 3.0 Ransomware Victim: sickkids[.]ca

LockBit 3.0 Ransomware Victim: hacla[.]org

Malware Analysis – discovery – 247a35851fdee53a1696715d67bd0905

Malware Analysis – amadey – caea0d7d729cd98183ab8f89d159ed96

Royal Ransomware Victim: QUT

Malware Analysis – smokeloader – 124b03b3d75478abea2f458fee60959d

Cobalt Strike Beacon Detected – 121[.]43[.]37[.]134:4434

Cobalt Strike Beacon Detected – 119[.]29[.]231[.]118:443

Cobalt Strike Beacon Detected – 39[.]101[.]74[.]162:443

Cobalt Strike Beacon Detected – 8[.]218[.]112[.]112:8880

Cobalt Strike Beacon Detected – 47[.]109[.]48[.]57:443

You may have missed