Security

Cobalt Stike Beacon Detected – 47[.]98[.]173[.]89:9999

October 28, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 194[.]165[.]16[.]63:443

October 28, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 118[.]26[.]39[.]71:80

October 28, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 8[.]129[.]79[.]245:443

October 28, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – xorist – 5d46d851558adab2374ec9206f0b621b

October 28, 2022

Score: 10 MALWARE FAMILY: xoristTAGS:family:xorist, persistence, ransomware, spyware, stealer, upxMD5: 5d46d851558adab2374ec9206f0b621bSHA1: 07b39753ba49f541654ae3b04b1ced70accafdb1ANALYSIS DATE: 2022-10-28T08:20:10ZTTPS: T1060, T1112, T1005, T1081 ScoreMeaningExample10Known badA...

Malware Analysis – smokeloader – c3ac1f6d135647b204eb350e5529d6b6

October 28, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: c3ac1f6d135647b204eb350e5529d6b6SHA1: 1f3705b9c284616e13129798475c9e8598cdda18ANALYSIS DATE: 2022-10-28T08:16:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – smokeloader – 55cc2eba27a491218b7d57649241f550

October 28, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 55cc2eba27a491218b7d57649241f550SHA1: 2d60cd3f6f1f987414a5de5d28e84036657a4559ANALYSIS DATE: 2022-10-28T09:01:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – djvu – 8d37180cd9df7790e84bde3b55763ba9

October 28, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:redline, family:smokeloader, family:vidar, botnet:1752, botnet:google2, botnet:mario23_10, botnet:slovarik15btc, backdoor, collection, discovery, infostealer, ransomware, spyware, stealer, trojan,...

Malware Analysis – persistence – 1afd68147ac485753917930116210a40

October 28, 2022

Score: 10 MALWARE FAMILY: persistenceTAGS:persistence, ransomwareMD5: 1afd68147ac485753917930116210a40SHA1: 8c8deec48a8a7c3d4e5af8e26e8b3d09decad08bANALYSIS DATE: 2022-10-28T10:31:11ZTTPS: T1130, T1112, T1012, T1120, T1082, T1060 ScoreMeaningExample10Known badA malware family...

Malware Analysis – ransomware – 4c23c3e90104c74108cc92fb71b40e47

October 28, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: 4c23c3e90104c74108cc92fb71b40e47SHA1: c594dbf47e29032a258e0bb64cbc2ce90e47f9d5ANALYSIS DATE: 2022-10-28T10:40:25ZTTPS: T1005, T1081, T1082, T1107, T1490, T1091 ScoreMeaningExample10Known badA malware...

Malware Analysis – ransomware – 05642d4d7f7c155d1fdf6607f78fe4f1

October 28, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: 05642d4d7f7c155d1fdf6607f78fe4f1SHA1: 291a0a11a12c7a329a8ed36f6e6e99e49331b0d5ANALYSIS DATE: 2022-10-28T10:40:20ZTTPS: T1005, T1081, T1082, T1107, T1490, T1091 ScoreMeaningExample10Known badA malware...

Malware Analysis – djvu – 979b84f1ab146e6472e5c18346e46089

October 28, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:redline, family:smokeloader, family:vidar, botnet:1752, botnet:517, botnet:google2, botnet:mario23_10, botnet:slovarik15btc, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware,...

Apple backports fixes for CVE-2022-42827 zero-day to older iPhones, iPads

October 28, 2022

Apple released updates to backport the recently released security patches for CVE-2022-42827 zero-day to older iPhones and iPads. Apple has...

New York Post hacked? No, the culprit is an employee

October 28, 2022

Threat actors hacked the website and Twitter account of the New York Post and published offensive messages against US politicians....

Malware Analysis – persistence – f0979d897155f51fd96a63c61e05d85c

October 28, 2022

Score: 8 MALWARE FAMILY: persistenceTAGS:persistence, spyware, stealerMD5: f0979d897155f51fd96a63c61e05d85cSHA1: decf7df4b1c709879a023ed0b8b4f6317124aba6ANALYSIS DATE: 2022-10-28T02:40:14ZTTPS: T1060, T1112, T1005, T1081 ScoreMeaningExample10Known badA malware family was...

Malware Analysis – amadey – ea49ed458a3fda19979b3900607b5234

October 28, 2022

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:redline, family:remcos, family:smokeloader, family:vidar, botnet:1752, botnet:517, botnet:google2, botnet:mario23_10, botnet:remotehost, botnet:slovarik15btc, backdoor, collection, discovery, infostealer,...

Malware Analysis – wannacry – 962443d2cfa12dd0aaa0761250ddcc82

October 28, 2022

Score: 10 MALWARE FAMILY: wannacryTAGS:family:wannacry, discovery, ransomware, wormMD5: 962443d2cfa12dd0aaa0761250ddcc82SHA1: bc9d5e318b95e648d6a9da943c5e5a65c09f8931ANALYSIS DATE: 2022-10-28T03:20:20ZTTPS: T1046 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...

Malware Analysis – ransomware – 93a803afbb21cfbcc6e9371cc6c13f80

October 28, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: 93a803afbb21cfbcc6e9371cc6c13f80SHA1: f55511cc24bcc621a924a2aeffa73fc21d0ea667ANALYSIS DATE: 2022-10-28T03:00:22ZTTPS: T1082, T1107, T1490, T1091, T1005, T1081 ScoreMeaningExample10Known badA malware...

Malware Analysis – evasion – 0d406739d2347f98f3df4dcd439cc405

October 28, 2022

Score: 8 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 0d406739d2347f98f3df4dcd439cc405SHA1: 0b5d30e69316ca06ca1c9703346c8998e5433a88ANALYSIS DATE: 2022-10-28T03:35:05ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – evasion – 486b0b890f76baefb7c2c19081a0a522

October 28, 2022

Score: 8 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 486b0b890f76baefb7c2c19081a0a522SHA1: ff0bd42969476bf3b2b45d0fcf38d4f7a705efa9ANALYSIS DATE: 2022-10-28T03:37:04ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – djvu – 046574dc17dca15013376cc8af4c799f

October 28, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 046574dc17dca15013376cc8af4c799fSHA1: 68e3dc8ad4fce013bd822f95ff662252370e2800ANALYSIS DATE: 2022-10-28T03:46:04ZTTPS: T1005, T1081, T1130, T1112,...

Malware Analysis – amadey – 75b71d343f0d858780eaff9728ee05fd

October 28, 2022

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:redline, family:smokeloader, family:vidar, botnet:1752, botnet:517, botnet:google2, botnet:mario23_10, botnet:slovarik15btc, backdoor, collection, discovery, infostealer, persistence, ransomware,...

Malware Analysis – discovery – 96d0a63a8d102c8453350d84e23ebe7f

October 28, 2022

Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, persistence, ransomwareMD5: 96d0a63a8d102c8453350d84e23ebe7fSHA1: e1190dc0f5059cc3c55b462ca40924d5c8ef4980ANALYSIS DATE: 2022-10-28T03:46:57ZTTPS: T1060, T1012, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – ransomware – e6c1f8a982119f6284e0da95a38cacaa

October 28, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: e6c1f8a982119f6284e0da95a38cacaaSHA1: 0178a1150393ec4e9269b71a2e39703d97a0cf6dANALYSIS DATE: 2022-10-28T04:11:47ZTTPS: T1005, T1081, T1082, T1107, T1490, T1091 ScoreMeaningExample10Known badA malware...

Security

Cobalt Stike Beacon Detected – 47[.]98[.]173[.]89:9999

Cobalt Stike Beacon Detected – 194[.]165[.]16[.]63:443

Cobalt Stike Beacon Detected – 118[.]26[.]39[.]71:80

Cobalt Stike Beacon Detected – 8[.]129[.]79[.]245:443

Malware Analysis – xorist – 5d46d851558adab2374ec9206f0b621b

Malware Analysis – smokeloader – c3ac1f6d135647b204eb350e5529d6b6

Malware Analysis – smokeloader – 55cc2eba27a491218b7d57649241f550

Malware Analysis – djvu – 8d37180cd9df7790e84bde3b55763ba9

Malware Analysis – persistence – 1afd68147ac485753917930116210a40

Malware Analysis – ransomware – 4c23c3e90104c74108cc92fb71b40e47

Malware Analysis – ransomware – 05642d4d7f7c155d1fdf6607f78fe4f1

Malware Analysis – djvu – 979b84f1ab146e6472e5c18346e46089

Apple backports fixes for CVE-2022-42827 zero-day to older iPhones, iPads

New York Post hacked? No, the culprit is an employee

Malware Analysis – persistence – f0979d897155f51fd96a63c61e05d85c

Malware Analysis – amadey – ea49ed458a3fda19979b3900607b5234

Malware Analysis – wannacry – 962443d2cfa12dd0aaa0761250ddcc82

Malware Analysis – ransomware – 93a803afbb21cfbcc6e9371cc6c13f80

Malware Analysis – evasion – 0d406739d2347f98f3df4dcd439cc405

Malware Analysis – evasion – 486b0b890f76baefb7c2c19081a0a522

Malware Analysis – djvu – 046574dc17dca15013376cc8af4c799f

Malware Analysis – amadey – 75b71d343f0d858780eaff9728ee05fd

Malware Analysis – discovery – 96d0a63a8d102c8453350d84e23ebe7f

Malware Analysis – ransomware – e6c1f8a982119f6284e0da95a38cacaa

[INCRANSOM] – Ransomware Victim: coruzcitywndata+

[NOVA] – Ransomware Victim: Portel Logistic Technologies

[QILIN] – Ransomware Victim: www[.]nuphoton[.]com

[QILIN] – Ransomware Victim: semco-tech[.]com

[KAWA4096] – Ransomware Victim: ****-*[.]co[.]jp

You may have missed