OSINT

Malware Analysis – djvu – 00e5b549f8b6c6d6920d35aa68f25b02

October 14, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 00e5b549f8b6c6d6920d35aa68f25b02SHA1: d87b52dcbee58fa8ce933e22b06a39ffcb78677aANALYSIS DATE: 2022-10-14T16:28:14ZTTPS: T1082, T1005, T1081, T1060,...

Malware Analysis – djvu – 36f8a06ec4b02b186c2d8fa0b6be5609

October 14, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, family:vidar, botnet:517, backdoor, collection, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: 36f8a06ec4b02b186c2d8fa0b6be5609SHA1: 393ff0a550ab21ea3d9ea61a6dc1d59d71de06c3ANALYSIS DATE:...

Malware Analysis – wannacry – f180d23ede98f53a8dffd109ed624e85

October 14, 2022

Score: 10 MALWARE FAMILY: wannacryTAGS:family:wannacry, discovery, ransomware, wormMD5: f180d23ede98f53a8dffd109ed624e85SHA1: 7755fe529f6c4ff88d3955269c9a1d49235f5a56ANALYSIS DATE: 2022-10-14T16:00:14ZTTPS: T1046 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...

WIP19, a new Chinese APT targets IT Service Providers and Telcos

October 14, 2022

Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers...

CISA: CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool

October 14, 2022

CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool CISA has released RedEye, an interactive open-source analytic tool to...

Matano – The Open-Source Security Lake Platform For AWS

October 14, 2022

Features Collect data from all your sources Matano lets you collect log data from sources using Download Matano If you...

Malware Analysis – xorist – 41084ab3be6d49c1483b0b192de7f636

October 14, 2022

Score: 10 MALWARE FAMILY: xoristTAGS:family:xorist, persistence, ransomware, spyware, stealer, upxMD5: 41084ab3be6d49c1483b0b192de7f636SHA1: d67312b7e4e6c0c127b12ca1bda92a8c7ad7c6c6ANALYSIS DATE: 2022-10-14T03:32:26ZTTPS: T1005, T1081, T1060, T1112 ScoreMeaningExample10Known badA...

Malware Analysis – discovery – 50e562833fe474485dc04902a6496e90

October 14, 2022

Score: 8 MALWARE FAMILY: discoveryTAGS:discovery, exploit, persistenceMD5: 50e562833fe474485dc04902a6496e90SHA1: dc35c1b38267a47ae5ea7e650709d80b3837cab5ANALYSIS DATE: 2022-10-14T04:30:04ZTTPS: T1112, T1060, T1222 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – smokeloader – 2642f5f309e1dd23eed278b904042263

October 14, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 2642f5f309e1dd23eed278b904042263SHA1: d0c4d1da177f8180d7f08f1b1cf3d6625e02cb27ANALYSIS DATE: 2022-10-14T08:03:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – magniber – b23cae8d39d76a08197382e0d9d5c297

October 14, 2022

Score: 10 MALWARE FAMILY: magniberTAGS:family:magniber, ransomwareMD5: b23cae8d39d76a08197382e0d9d5c297SHA1: 2bcc921be8477c6cce77ff4782e068ca798318deANALYSIS DATE: 2022-10-14T08:35:04ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – djvu – eebef1c49575877f734b1a71ae2d2a0f

October 14, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: eebef1c49575877f734b1a71ae2d2a0fSHA1: 8f9e40ac71b660296cabad8dd9860a65d51d7d45ANALYSIS DATE: 2022-10-14T08:26:27ZTTPS: T1222, T1082, T1053, T1005,...

Malware Analysis – – da802fc3ba7c09de9bc43c738a3c780b

October 14, 2022

Score: 7 MALWARE FAMILY: TAGS:MD5: da802fc3ba7c09de9bc43c738a3c780bSHA1: 4fea576b5306f92ef22520e5ee77aba057137504ANALYSIS DATE: 2022-10-14T08:36:26ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...

Malware Analysis – chaos – 9adfbfb490528068ca3074432b96ecc6

October 14, 2022

Score: 10 MALWARE FAMILY: chaosTAGS:family:chaos, evasion, persistence, ransomware, spyware, stealerMD5: 9adfbfb490528068ca3074432b96ecc6SHA1: 545f15d3e9b413f06ca9b64c75e34de0a3626e5eANALYSIS DATE: 2022-10-14T08:40:09ZTTPS: T1490, T1059, T1107, T1082, T1005, T1081,...

Cobalt Stike Beacon Detected – 154[.]26[.]130[.]12:443

October 14, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 51[.]136[.]161[.]161:80

October 14, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 39[.]108[.]111[.]72:8083

October 14, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – djvu – 8463da6fc342c79ddd71ea714b52e06e

October 14, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, family:vidar, botnet:517, backdoor, collection, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: 8463da6fc342c79ddd71ea714b52e06eSHA1: d7b4447db1a5bf6f6b4c121647d50cfe4347ba75ANALYSIS DATE:...

Malware Analysis – djvu – 73e20711117eed146f782623fa6aa1fa

October 14, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 73e20711117eed146f782623fa6aa1faSHA1: b5a09b2c7f7a079e937c2ffe73ba6fdd3a976954ANALYSIS DATE: 2022-10-14T09:33:48ZTTPS: T1222, T1082, T1053, T1005,...

Malware Analysis – djvu – 93e80cf200afb6eb3aef34afa206af0b

October 14, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 93e80cf200afb6eb3aef34afa206af0bSHA1: fc15242b02094520aa7698927242f38b92d35035ANALYSIS DATE: 2022-10-14T08:56:53ZTTPS: T1012, T1082, T1053, T1005,...

Malware Analysis – evasion – c49165f9f2b289b12c830749e0d1768d

October 14, 2022

Score: 10 MALWARE FAMILY: evasionTAGS:evasion, persistence, ransomware, trojanMD5: c49165f9f2b289b12c830749e0d1768dSHA1: ee62143fc343919e5ef0521967f9a646ce8267e0ANALYSIS DATE: 2022-10-14T08:47:28ZTTPS: T1112, T1031, T1089, T1060, T1012, T1120, T1082 ScoreMeaningExample10Known...

OSINT

Malware Analysis – djvu – 00e5b549f8b6c6d6920d35aa68f25b02

Malware Analysis – djvu – 36f8a06ec4b02b186c2d8fa0b6be5609

Malware Analysis – wannacry – f180d23ede98f53a8dffd109ed624e85

WIP19, a new Chinese APT targets IT Service Providers and Telcos

CISA: CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool

Matano – The Open-Source Security Lake Platform For AWS

Malware Analysis – xorist – 41084ab3be6d49c1483b0b192de7f636

Malware Analysis – discovery – 50e562833fe474485dc04902a6496e90

Malware Analysis – smokeloader – 2642f5f309e1dd23eed278b904042263

Malware Analysis – magniber – b23cae8d39d76a08197382e0d9d5c297

Malware Analysis – djvu – eebef1c49575877f734b1a71ae2d2a0f

Malware Analysis – – da802fc3ba7c09de9bc43c738a3c780b

Malware Analysis – chaos – 9adfbfb490528068ca3074432b96ecc6

Cobalt Stike Beacon Detected – 154[.]26[.]130[.]12:443

Cobalt Stike Beacon Detected – 51[.]136[.]161[.]161:80

Cobalt Stike Beacon Detected – 39[.]108[.]111[.]72:8083

Malware Analysis – djvu – 8463da6fc342c79ddd71ea714b52e06e

Malware Analysis – djvu – 73e20711117eed146f782623fa6aa1fa

Malware Analysis – djvu – 93e80cf200afb6eb3aef34afa206af0b

Malware Analysis – evasion – c49165f9f2b289b12c830749e0d1768d

Cobalt Stike Beacon Detected – 31[.]7[.]62[.]194:80

Cobalt Stike Beacon Detected – 41[.]216[.]183[.]24:443

Cobalt Stike Beacon Detected – 185[.]236[.]202[.]202:80

Cobalt Stike Beacon Detected – 121[.]5[.]102[.]72:801

Cobalt Strike Beacon Detected – 121[.]43[.]37[.]134:4434

Cobalt Strike Beacon Detected – 119[.]29[.]231[.]118:443

Cobalt Strike Beacon Detected – 39[.]101[.]74[.]162:443

Cobalt Strike Beacon Detected – 8[.]218[.]112[.]112:8880

Cobalt Strike Beacon Detected – 47[.]109[.]48[.]57:443

You may have missed