Security

Cobalt Stike Beacon Detected – 20[.]90[.]90[.]172:443

December 10, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – dcrat – 545edb09eef6849f6c2b3f87b3dfc5d3

December 10, 2022

Score: 10 MALWARE FAMILY: dcratTAGS:family:dcrat, family:djvu, family:redline, family:vidar, botnet:517, botnet:mario23_10, bootkit, collection, discovery, infostealer, persistence, ransomware, rat, spyware, stealerMD5: 545edb09eef6849f6c2b3f87b3dfc5d3SHA1:...

Malware Analysis – djvu – 3e132606c5205c1200f61a3dd211c794

December 10, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 3e132606c5205c1200f61a3dd211c794SHA1: 00ef28583d621983254fb0285fcd1084e0d4d030ANALYSIS DATE: 2022-12-10T09:47:23ZTTPS: T1060, T1112, T1222, T1012,...

Cobalt Stike Beacon Detected – 179[.]43[.]154[.]154:80

December 10, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – dcrat – 2c6e6e290972fcd5e556efccfd51f174

December 10, 2022

Score: 10 MALWARE FAMILY: dcratTAGS:family:dcrat, family:djvu, family:raccoon, family:redline, family:smokeloader, family:vidar, botnet:517, botnet:ec7a54fb6492ff3a52d09504b8ecf082, botnet:mario23_10, backdoor, bootkit, collection, discovery, infostealer, persistence, ransomware,...

Malware Analysis – dcrat – 5eb828dff6222ddbe9a3ee89ccf031c5

December 10, 2022

Score: 10 MALWARE FAMILY: dcratTAGS:family:dcrat, family:djvu, family:redline, family:smokeloader, family:vidar, botnet:517, botnet:mario23_10, backdoor, bootkit, collection, discovery, infostealer, persistence, ransomware, rat, spyware,...

How to train your Ghidra

December 10, 2022

Getting started with Ghidra For about two decades, being a reverse engineer meant that you had to master the ultimate...

Janicab_malware_law_SL-featured-990x400-1

DeathStalker targets legal entities with new Janicab variant

December 10, 2022

Just to clarify, the above subheading isn’t a normal quote, but a message that Janicab malware attempted to decode in...

Malware Analysis – – 0957d09f815e2260860bdd9d5dda1381

December 10, 2022

Score: 3 MALWARE FAMILY: TAGS:MD5: 0957d09f815e2260860bdd9d5dda1381SHA1: ec885100590e960007c45fb0fdd3f82a5aa8fa8bANALYSIS DATE: 2022-12-05T18:58:08ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...

Malware Analysis – smokeloader – 62d2eee763f97a3ee7eedd9c44d4ae06

December 10, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 62d2eee763f97a3ee7eedd9c44d4ae06SHA1: 809809a585c0275ab3a5620b974b1ca75acec2d6ANALYSIS DATE: 2022-12-10T04:45:05ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – djvu – a398399a3cf53c16d8d9eb535174c4ae

December 10, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: a398399a3cf53c16d8d9eb535174c4aeSHA1: 8696d4b0a585d6ac07068a7a4e83daffecf73b30ANALYSIS DATE: 2022-12-10T04:00:33ZTTPS: T1222, T1060, T1112, T1005,...

Malware Analysis – dcrat – 73a5d127eaaf6fb828f619ef256968e0

December 10, 2022

Malware Analysis – ransomware – 355b1f0ecc6f21d424d290fd1cf8f9c4

December 10, 2022

Score: 5 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 355b1f0ecc6f21d424d290fd1cf8f9c4SHA1: d8e77cff676472549fc632dd95a984f574c5d2c3ANALYSIS DATE: 2022-12-10T05:40:07ZTTPS: T1491, T1112 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...

Malware Analysis – ransomware – 2174e0b00c34d4341a684eed4878368a

December 10, 2022

Score: 5 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 2174e0b00c34d4341a684eed4878368aSHA1: fcead4a3af7f6018692f947f3d8f93caf048cc67ANALYSIS DATE: 2022-12-10T05:40:07ZTTPS: T1491, T1112 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...

Malware Analysis – evasion – 5db22ff59ff6dc30ed8ae5133954f6bd

December 10, 2022

Score: 10 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 5db22ff59ff6dc30ed8ae5133954f6bdSHA1: f8a218eddd1c53390aa71c967eb842f4fe8e5054ANALYSIS DATE: 2022-12-10T05:23:04ZTTPS: T1031 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...

Security

Cobalt Stike Beacon Detected – 20[.]90[.]90[.]172:443

Malware Analysis – dcrat – 545edb09eef6849f6c2b3f87b3dfc5d3

Malware Analysis – djvu – 3e132606c5205c1200f61a3dd211c794

Cobalt Stike Beacon Detected – 179[.]43[.]154[.]154:80

Malware Analysis – dcrat – 2c6e6e290972fcd5e556efccfd51f174

Malware Analysis – dcrat – 5eb828dff6222ddbe9a3ee89ccf031c5

How to train your Ghidra

DeathStalker targets legal entities with new Janicab variant

Malware Analysis – – 0957d09f815e2260860bdd9d5dda1381

Malware Analysis – smokeloader – 62d2eee763f97a3ee7eedd9c44d4ae06

Malware Analysis – djvu – a398399a3cf53c16d8d9eb535174c4ae

Malware Analysis – dcrat – 73a5d127eaaf6fb828f619ef256968e0

Malware Analysis – ransomware – 355b1f0ecc6f21d424d290fd1cf8f9c4

Malware Analysis – ransomware – 2174e0b00c34d4341a684eed4878368a

Malware Analysis – evasion – 5db22ff59ff6dc30ed8ae5133954f6bd

Malware Analysis – dcrat – a53e90033448a8156937bb17eddfc43b

Cobalt Stike Beacon Detected – 162[.]14[.]83[.]232:80

Cobalt Stike Beacon Detected – 157[.]245[.]50[.]113:443

Cobalt Stike Beacon Detected – 85[.]208[.]136[.]130:8443

Cobalt Stike Beacon Detected – 121[.]4[.]102[.]199:8004

Cobalt Stike Beacon Detected – 43[.]154[.]196[.]141:8088

Cobalt Stike Beacon Detected – 111[.]90[.]151[.]229:443

Cobalt Stike Beacon Detected – 43[.]140[.]244[.]151:6666

Cobalt Stike Beacon Detected – 154[.]39[.]0[.]141:443

Securing Critical Infrastructure in the Digital Age

Cobalt Strike Beacon Detected – 47[.]76[.]30[.]15:80

Cobalt Strike Beacon Detected – 52[.]140[.]245[.]31:80

Cobalt Strike Beacon Detected – 120[.]27[.]235[.]78:80

Cobalt Strike Beacon Detected – 8[.]138[.]47[.]245:80

You may have missed