OSINT

Malware Analysis – evasion – 6671d139c65f08a309f41703287409a4

November 2, 2022

Score: 10 MALWARE FAMILY: evasionTAGS:evasion, persistence, ransomware, spyware, stealerMD5: 6671d139c65f08a309f41703287409a4SHA1: e94def6f8384999a6c994c4e26c52c13f458271cANALYSIS DATE: 2022-11-02T15:20:15ZTTPS: T1107, T1490, T1070, T1005, T1081, T1018, T1158,...

Malware Analysis – medusalocker – 87fc357cfaa43f6766a5efef072871bc

November 2, 2022

Score: 10 MALWARE FAMILY: medusalockerTAGS:family:medusalocker, evasion, ransomware, spyware, stealer, trojanMD5: 87fc357cfaa43f6766a5efef072871bcSHA1: ab77612d19ab9ec9f3bff9f13bf18cffc82799a7ANALYSIS DATE: 2022-11-02T15:21:10ZTTPS: T1082, T1005, T1081, T1088, T1089, T1112,...

Malware Analysis – evasion – 813704db631ee44f572b4cd0c1067695

November 2, 2022

Score: 10 MALWARE FAMILY: evasionTAGS:evasion, ransomware, trojanMD5: 813704db631ee44f572b4cd0c1067695SHA1: ca9118d99b160b3b5fb12df9230831eaec400dd1ANALYSIS DATE: 2022-11-02T15:20:05ZTTPS: T1112, T1088, T1089, T1082, T1107, T1490 ScoreMeaningExample10Known badA malware...

Malware Analysis – amadey – 0ea04d00739c5b503ac7a0b085a4e07d

November 2, 2022

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:redline, family:smokeloader, botnet:mario23_10, botnet:slovarik1btc, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware, stealer, trojan, upxMD5:...

Malware Analysis – djvu – e20a320b8ff66f8e136150233f22e369

November 2, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:redline, family:smokeloader, botnet:mario23_10, botnet:slovarik1btc, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware, stealer, trojanMD5: e20a320b8ff66f8e136150233f22e369SHA1: 18e52d360e4c171cf1a28986c33450350143fb10ANALYSIS...

Malware Analysis – evasion – 183ad97d55d1170f21a8d10a8339fdab

November 2, 2022

Score: 6 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 183ad97d55d1170f21a8d10a8339fdabSHA1: 427b302690b2418b5b414fee3ac6ce585e6fe375ANALYSIS DATE: 2022-11-02T16:06:02ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – djvu – 9a164cede19b9203c508c386fabb2a45

November 2, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, discovery, persistence, ransomware, spyware, stealerMD5: 9a164cede19b9203c508c386fabb2a45SHA1: f00e3ed4d51a5296ce350ec071c0e8ede05f3cdfANALYSIS DATE: 2022-11-02T16:21:17ZTTPS: T1005, T1081, T1222, T1053, T1012, T1082,...

Jscythe – Abuse The Node.Js Inspector Mechanism In Order To Force Any Node.Js/Electron/V8 Based Process To Execute Arbitrary Javascript Code

November 2, 2022

jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even...

Cobalt Stike Beacon Detected – 205[.]185[.]114[.]97:80

November 2, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – discovery – 0dde0c9450eed08bf80da8f7a2ec2a86

November 2, 2022

Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, persistence, pyinstaller, ransomware, upxMD5: 0dde0c9450eed08bf80da8f7a2ec2a86SHA1: 9bfd776b25d4eeb9224adff4846471d12cbe285eANALYSIS DATE: 2022-11-02T09:15:49ZTTPS: T1012, T1082, T1060, T1120 ScoreMeaningExample10Known badA malware...

Malware Analysis – evasion – eadb17b5927d0d3ede787219fe4cdf16

November 2, 2022

Score: 9 MALWARE FAMILY: evasionTAGS:evasion, persistence, ransomwareMD5: eadb17b5927d0d3ede787219fe4cdf16SHA1: 8cacc18b9c25bc93ba340f5b1902f783ca23a4b6ANALYSIS DATE: 2022-11-02T09:06:38ZTTPS: T1031, T1082, T1112, T1107, T1490, T1012, T1060, T1120 ScoreMeaningExample10Known...

Cobalt Stike Beacon Detected – 188[.]166[.]199[.]36:80

November 2, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 185[.]143[.]223[.]76:443

November 2, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 146[.]56[.]196[.]110:9999

November 2, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 2[.]47[.]145[.]134:443

November 2, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – djvu – 4a399bbce7a83483767712b5f4f1b080

November 2, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, discovery, persistence, ransomware, spyware, stealerMD5: 4a399bbce7a83483767712b5f4f1b080SHA1: 742529c0d685527f8aa72c530819a72379117103ANALYSIS DATE: 2022-11-02T10:20:31ZTTPS: T1082, T1005, T1081, T1012, T1060, T1112,...

Malware Analysis – evasion – 1829589d95bdd2c30f0bef154decd426

November 2, 2022

Score: 8 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 1829589d95bdd2c30f0bef154decd426SHA1: 0c173a34bece843e8e30024c18a9307038f223f4ANALYSIS DATE: 2022-11-02T10:08:13ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – smokeloader – 52db9d38ee83efe292d8e51e7fdbf19d

November 2, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 52db9d38ee83efe292d8e51e7fdbf19dSHA1: e6dc2646fd00cc12745eec29ddda38fbfdf5494dANALYSIS DATE: 2022-11-02T10:02:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – djvu – 1552564d0af2fa30bbb740b1a0ad54a2

November 2, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, discovery, persistence, ransomware, spyware, stealerMD5: 1552564d0af2fa30bbb740b1a0ad54a2SHA1: 95c378e063cfeeea3a7cf3e7857234baf3877e88ANALYSIS DATE: 2022-11-02T10:11:03ZTTPS: T1130, T1112, T1060, T1053, T1005, T1081,...

Cobalt Stike Beacon Detected – 120[.]24[.]240[.]80:80

November 2, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 164[.]128[.]173[.]115:8443

November 2, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 84[.]32[.]128[.]89:443

November 2, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 154[.]204[.]59[.]116:80

November 2, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – djvu – 537ecc10bd947a0dd5d9088bf6474fa2

November 2, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, discovery, persistence, ransomware, spyware, stealerMD5: 537ecc10bd947a0dd5d9088bf6474fa2SHA1: 6138e922e5bf72d482cb563e1c52486dbe8b9669ANALYSIS DATE: 2022-11-02T11:40:58ZTTPS: T1005, T1081, T1012, T1082, T1222, T1060,...

OSINT

Malware Analysis – evasion – 6671d139c65f08a309f41703287409a4

Malware Analysis – medusalocker – 87fc357cfaa43f6766a5efef072871bc

Malware Analysis – evasion – 813704db631ee44f572b4cd0c1067695

Malware Analysis – amadey – 0ea04d00739c5b503ac7a0b085a4e07d

Malware Analysis – djvu – e20a320b8ff66f8e136150233f22e369

Malware Analysis – evasion – 183ad97d55d1170f21a8d10a8339fdab

Malware Analysis – djvu – 9a164cede19b9203c508c386fabb2a45

Jscythe – Abuse The Node.Js Inspector Mechanism In Order To Force Any Node.Js/Electron/V8 Based Process To Execute Arbitrary Javascript Code

Cobalt Stike Beacon Detected – 205[.]185[.]114[.]97:80

Malware Analysis – discovery – 0dde0c9450eed08bf80da8f7a2ec2a86

Malware Analysis – evasion – eadb17b5927d0d3ede787219fe4cdf16

Cobalt Stike Beacon Detected – 188[.]166[.]199[.]36:80

Cobalt Stike Beacon Detected – 185[.]143[.]223[.]76:443

Cobalt Stike Beacon Detected – 146[.]56[.]196[.]110:9999

Cobalt Stike Beacon Detected – 2[.]47[.]145[.]134:443

Malware Analysis – djvu – 4a399bbce7a83483767712b5f4f1b080

Malware Analysis – evasion – 1829589d95bdd2c30f0bef154decd426

Malware Analysis – smokeloader – 52db9d38ee83efe292d8e51e7fdbf19d

Malware Analysis – djvu – 1552564d0af2fa30bbb740b1a0ad54a2

Cobalt Stike Beacon Detected – 120[.]24[.]240[.]80:80

Cobalt Stike Beacon Detected – 164[.]128[.]173[.]115:8443

Cobalt Stike Beacon Detected – 84[.]32[.]128[.]89:443

Cobalt Stike Beacon Detected – 154[.]204[.]59[.]116:80

Malware Analysis – djvu – 537ecc10bd947a0dd5d9088bf6474fa2

[INCRANSOM] – Ransomware Victim: VZW Avalon

Ai Layoffs To Backfire: Half Quietly Rehired At Lower Pay

[BLACKSHRANTAC] – Ransomware Victim: The Matlusky Firm LLC

[QILIN] – Ransomware Victim: bagnoles[.]nl

[BLACKSHRANTAC] – Ransomware Victim: ApleNet Co[.], Ltd

You may have missed