OSINT

AoratosWin – A Tool That Removes Traces Of Executed Applications On Windows OS

October 8, 2022

AoratosWin is a tool that removes traces of executed applications on Supported OS (Tested On) Windows 7 (x86, x64) Windows...

Cobalt Stike Beacon Detected – 106[.]52[.]130[.]164:8001

October 8, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 101[.]43[.]41[.]152:2222

October 8, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – smokeloader – 7c3f888f5b83a1fb3aa5bb7c5d7032b2

October 8, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 7c3f888f5b83a1fb3aa5bb7c5d7032b2SHA1: 1ca5f60b0812d395c303b86e0f8957e3f75f24b3ANALYSIS DATE: 2022-10-08T08:01:04ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – smokeloader – bed3853c06f4fa8b1dca5cfd5ef08ba3

October 8, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: bed3853c06f4fa8b1dca5cfd5ef08ba3SHA1: 08e6df089dfdf1c5c8f61550e33b93bc0373c3f1ANALYSIS DATE: 2022-10-08T08:31:04ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – dcrat – 7c3f888f5b83a1fb3aa5bb7c5d7032b2

October 8, 2022

Score: 10 MALWARE FAMILY: dcratTAGS:family:dcrat, family:djvu, family:raccoon, family:redline, family:smokeloader, family:vidar, botnet:17aad1e8aa2ca5164d7690cff1926390, botnet:517, botnet:555, botnet:9333547b6d5c69ea798fd93c66d78435, backdoor, collection, discovery, infostealer, persistence, ransomware,...

Malware Analysis – djvu – f144821a106254d2511e9e1bb0f88c34

October 8, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: f144821a106254d2511e9e1bb0f88c34SHA1: b7654fc67377242f6f64bc53b1f541d531e233f9ANALYSIS DATE: 2022-10-08T08:27:39ZTTPS: T1222, T1082, T1053, T1012,...

Cobalt Stike Beacon Detected – 5[.]44[.]42[.]45:443

October 8, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 106[.]13[.]54[.]144:8009

October 8, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – djvu – 46d3d25d3dfb847965cc4b8af29403a2

October 8, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 46d3d25d3dfb847965cc4b8af29403a2SHA1: 2e63a3968c19e3c7e0aca2b0837c72b371ac3460ANALYSIS DATE: 2022-10-08T08:21:04ZTTPS: T1222, T1082, T1012, T1053,...

Cobalt Stike Beacon Detected – 62[.]182[.]159[.]147:80

October 8, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 43[.]155[.]2[.]46:2086

October 8, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – djvu – bed3853c06f4fa8b1dca5cfd5ef08ba3

October 8, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:raccoon, family:vidar, botnet:17aad1e8aa2ca5164d7690cff1926390, botnet:517, botnet:9333547b6d5c69ea798fd93c66d78435, collection, discovery, persistence, ransomware, spyware, stealerMD5: bed3853c06f4fa8b1dca5cfd5ef08ba3SHA1: 08e6df089dfdf1c5c8f61550e33b93bc0373c3f1ANALYSIS DATE: 2022-10-08T08:33:00ZTTPS:...

Malware Analysis – smokeloader – 8ce22bc1444ad810017b5cebba54afef

October 8, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 8ce22bc1444ad810017b5cebba54afefSHA1: d4d00bae938c76891daaf5bba0c5210ee8a11335ANALYSIS DATE: 2022-10-08T09:31:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – wannacry – 3a90fb6f3194ef7204223681c17d05aa

October 8, 2022

Score: 10 MALWARE FAMILY: wannacryTAGS:family:wannacry, ransomware, wormMD5: 3a90fb6f3194ef7204223681c17d05aaSHA1: dcd511cadc7d96168f1d8a6d4d8ab9793cd5c841ANALYSIS DATE: 2022-10-08T09:39:54ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...

Malware Analysis – djvu – 8ce22bc1444ad810017b5cebba54afef

October 8, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:raccoon, family:redline, family:smokeloader, family:vidar, botnet:17aad1e8aa2ca5164d7690cff1926390, botnet:517, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware, stealer, trojanMD5:...

Malware Analysis – djvu – dded0f80668ac80813b64d0446c08a1a

October 8, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:redline, family:smokeloader, family:vidar, botnet:517, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware, stealer, trojanMD5: dded0f80668ac80813b64d0446c08a1aSHA1: b8bd4baa6f8de52f74680ab9396c382ea37ba1e4ANALYSIS...

Malware Analysis – djvu – bf08335a7f356c591227c922bb569924

October 8, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: bf08335a7f356c591227c922bb569924SHA1: d7059fca57702cfa55fbe9b41ea8e10b56e69583ANALYSIS DATE: 2022-10-08T10:14:56ZTTPS: T1012, T1082, T1053, T1005,...

Malware Analysis – smokeloader – dded0f80668ac80813b64d0446c08a1a

October 8, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: dded0f80668ac80813b64d0446c08a1aSHA1: b8bd4baa6f8de52f74680ab9396c382ea37ba1e4ANALYSIS DATE: 2022-10-08T10:31:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – djvu – 9fd1f518e56f044ab5daae7d530fdfd6

October 8, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 9fd1f518e56f044ab5daae7d530fdfd6SHA1: 38fd15016a4e44d9d0639b8569226555c4499244ANALYSIS DATE: 2022-10-08T10:10:54ZTTPS: T1053, T1005, T1081, T1012,...

OSINT

AoratosWin – A Tool That Removes Traces Of Executed Applications On Windows OS

Cobalt Stike Beacon Detected – 106[.]52[.]130[.]164:8001

Cobalt Stike Beacon Detected – 101[.]43[.]41[.]152:2222

Malware Analysis – smokeloader – 7c3f888f5b83a1fb3aa5bb7c5d7032b2

Malware Analysis – smokeloader – bed3853c06f4fa8b1dca5cfd5ef08ba3

Malware Analysis – dcrat – 7c3f888f5b83a1fb3aa5bb7c5d7032b2

Malware Analysis – djvu – f144821a106254d2511e9e1bb0f88c34

Cobalt Stike Beacon Detected – 5[.]44[.]42[.]45:443

Cobalt Stike Beacon Detected – 106[.]13[.]54[.]144:8009

Malware Analysis – djvu – 46d3d25d3dfb847965cc4b8af29403a2

Cobalt Stike Beacon Detected – 62[.]182[.]159[.]147:80

Cobalt Stike Beacon Detected – 43[.]155[.]2[.]46:2086

Malware Analysis – djvu – bed3853c06f4fa8b1dca5cfd5ef08ba3

Malware Analysis – smokeloader – 8ce22bc1444ad810017b5cebba54afef

Malware Analysis – wannacry – 3a90fb6f3194ef7204223681c17d05aa

Malware Analysis – djvu – 8ce22bc1444ad810017b5cebba54afef

Malware Analysis – djvu – dded0f80668ac80813b64d0446c08a1a

Malware Analysis – djvu – bf08335a7f356c591227c922bb569924

Malware Analysis – smokeloader – dded0f80668ac80813b64d0446c08a1a

Malware Analysis – djvu – 9fd1f518e56f044ab5daae7d530fdfd6

Empire C2 Detected – 138[.]68[.]25[.]174:8999

Daily Vulnerability Trends: Sat Oct 08 2022

TOP 10 unattributed APT mysteries

LockBit 3.0 Ransomware Victim: kortrijkserijschool[.]be

[AKIRA] – Ransomware Victim: Elliott Tax Service

[RHYSIDA] – Ransomware Victim: Automated Logistics Systems

[AKIRA] – Ransomware Victim: Benda Grace Stulz

[AKIRA] – Ransomware Victim: Palacios Marine & Industrial

[AKIRA] – Ransomware Victim: General Micro Systems

You may have missed