Cobalt Stike Beacon Detected – 81[.]161[.]229[.]168:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
OSINT
Cobalt Stike Beacon Detected – 18[.]197[.]201[.]242:4433
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 124[.]223[.]215[.]12:8091
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
LockBit 3.0 Ransomware Victim: flatironssolutions[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Daily Vulnerability Trends: Wed Jan 25 2023
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2023-22809In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments...
Malware Analysis – darkcomet – 0370e5464c8f4718128f18548ca236aa
Score: 10 MALWARE FAMILY: darkcometTAGS:family:darkcomet, ransomware, rat, trojanMD5: 0370e5464c8f4718128f18548ca236aaSHA1: a7dc7c6526971d70b887b937bd6965ee82e5fdd0ANALYSIS DATE: 2023-01-25T03:51:31ZTTPS: T1012, T1082, T1491, T1112 ScoreMeaningExample10Known badA malware family...
Malware Analysis – djvu – c82d642d03203afc33ec1bf6c736b5c5
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: c82d642d03203afc33ec1bf6c736b5c5SHA1: 45385bbb8d54c5adc84e49450c7ec1f69b60906bANALYSIS DATE: 2023-01-25T03:43:41ZTTPS: T1012, T1082, T1005, T1081,...
Malware Analysis – djvu – f297068017e333ac96d70756a87babf6
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, stealerMD5: f297068017e333ac96d70756a87babf6SHA1: 6dbfc207b81246788e0cab826b3dd96a31dfb276ANALYSIS DATE: 2023-01-25T04:11:03ZTTPS: T1130, T1112, T1060, T1222, T1082...
Malware Analysis – djvu – 333bcc4a842670afc9f50160d7e3055c
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 333bcc4a842670afc9f50160d7e3055cSHA1: b72cdacbb3e38a705344cdaab0454996563e98fdANALYSIS DATE: 2023-01-25T05:09:28ZTTPS: T1082, T1012, T1005, T1081,...
Malware Analysis – wannacry – bc5ee0bcefce9d21f9a17c60a19c2b18
Score: 10 MALWARE FAMILY: wannacryTAGS:family:wannacry, discovery, persistence, ransomware, spyware, stealer, wormMD5: bc5ee0bcefce9d21f9a17c60a19c2b18SHA1: 6b207ad03911865694e5f4c3059c2a5f0242c6daANALYSIS DATE: 2023-01-25T05:04:09ZTTPS: T1491, T1112, T1060, T1107, T1490,...
Malware Analysis – wannacry – e8340564caba7a2635af2c79cb7103eb
Score: 10 MALWARE FAMILY: wannacryTAGS:family:wannacry, bootkit, discovery, persistence, ransomware, spyware, stealer, wormMD5: e8340564caba7a2635af2c79cb7103ebSHA1: 8c62c79508abe5ffa36608d1846dcb20b2a27137ANALYSIS DATE: 2023-01-25T05:05:54ZTTPS: T1112, T1060, T1222, T1012,...
Hackers use Golang source code interpreter to evade detection
A Chinese-speaking hacking group tracked as ‘DragonSpark’ was observed employing Golang source code interpretation to evade detection while launching espionage...
GoTo says hackers stole customers’ backups and encryption key
GoTo (formerly LogMeIn) is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups...
U.S. sues Google for abusing dominance over online ad market
The U.S. Justice Department has filed a federal lawsuit today against Google for abusing its dominant position in the online...
Riot Games receives ransom demand from hackers, refuses to pay
Riot Games says it will not pay a $10 million ransom demanded by attackers who stole League of Legends source code...
Ransomware access brokers use Google ads to breach your network
A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims' passwords,...
FBI: North Korean hackers stole $100 million in Harmony crypto hack
The FBI has confirmed that the North Korean state-sponsored 'Lazarus' and APT38 hacking groups were behind the theft of $100...
Russia’s largest ISP says 2022 broke all DDoS attack records
Russia's largest internet service provider Rostelecom says 2022 was a record year for Distributed denial of service attacks (DDoS) targeting...
75k WordPress sites impacted by critical online course plugin flaws
The WordPress online course plugin 'LearnPress' was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion....
VMware fixes critical security bugs in vRealize log analysis tool
VMware released security patches on Tuesday to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote execution...
Microsoft shares workaround for unresponsive Windows Start Menu
Microsoft has confirmed an issue causing the Windows Start menu to become unresponsive and some applications to no longer launch....
Cobalt Stike Beacon Detected – 198[.]154[.]94[.]36:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 179[.]43[.]162[.]31:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 43[.]138[.]21[.]132:8808
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
