Security

Cobalt Stike Beacon Detected – 121[.]4[.]154[.]240:4000

January 20, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 194[.]165[.]16[.]62:443

January 20, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 182[.]160[.]0[.]248:80

January 20, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Posh C2 Detected – 146[.]190[.]86[.]212:4443

January 20, 2023

The Information provided at the time of posting was detected as "Posh C2". Depending on when you are viewing this...

DragonCastle – A PoC That Combines AutodialDLL Lateral Movement Technique And SSP To Scrape NTLM Hashes From LSASS Process

January 19, 2023

A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process. Description Upload a...

Malware Analysis – djvu – c266d56f0bbea899b2cfa58f192a9f86

January 19, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: c266d56f0bbea899b2cfa58f192a9f86SHA1: 0f2191d9571e04ed4cf14188b9eab8f210f6c652ANALYSIS DATE: 2023-01-19T16:59:57ZTTPS: T1222, T1082, T1005, T1081,...

Malware Analysis – persistence – da8e21489a2c6c01ee676c304c8541c1

January 19, 2023

Score: 8 MALWARE FAMILY: persistenceTAGS:persistenceMD5: da8e21489a2c6c01ee676c304c8541c1SHA1: 40e6d3aa1f0fa21fae1a9563174b45b432aa3306ANALYSIS DATE: 2023-01-19T17:42:31ZTTPS: T1060, T1112, T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – djvu – 50fee0fee96a3c681b9c47eada3fffdf

January 19, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 50fee0fee96a3c681b9c47eada3fffdfSHA1: db64c7d74705e4a3c08ca50c140fa84d3c4fce09ANALYSIS DATE: 2023-01-19T17:22:07ZTTPS: T1012, T1222, T1082, T1005,...

Malware Analysis – discovery – 133af41cfec522b7f583fcf77be37b1a

January 19, 2023

Score: 8 MALWARE FAMILY: discoveryTAGS:discoveryMD5: 133af41cfec522b7f583fcf77be37b1aSHA1: 50fde70e193eeea8d15c13dfc62cdcb4cbc2bcd0ANALYSIS DATE: 2023-01-19T17:13:15ZTTPS: T1082, T1012 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...

Malware Analysis – locky – fb6ca1cd232151d667f6cd2484fee8c8

January 19, 2023

Score: 10 MALWARE FAMILY: lockyTAGS:family:locky, ransomwareMD5: fb6ca1cd232151d667f6cd2484fee8c8SHA1: f7bb52767afd2cd32ede8b5f83012eb99ba1ce28ANALYSIS DATE: 2023-01-19T17:42:29ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – djvu – 1e12ef6d811ea006a932860cd74b0282

January 19, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, stealerMD5: 1e12ef6d811ea006a932860cd74b0282SHA1: fcbef26773b2ef3a41bf1a74f4ed59233283321dANALYSIS DATE: 2023-01-19T09:27:14ZTTPS: T1130, T1112, T1060, T1222, T1082,...

Cobalt Stike Beacon Detected – 47[.]242[.]164[.]33:9998

January 19, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 1[.]117[.]117[.]162:8888

January 19, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 202[.]182[.]117[.]134:8087

January 19, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 103[.]105[.]49[.]52:80

January 19, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – vidar – 6fb6025c04ba6fa3d4820aea944e3667

January 19, 2023

Score: 10 MALWARE FAMILY: vidarTAGS:family:vidar, botnet:408, discovery, persistence, ransomware, spyware, stealerMD5: 6fb6025c04ba6fa3d4820aea944e3667SHA1: b5fa73ed8561665ddaa9b9baecb427dd166d034bANALYSIS DATE: 2023-01-19T09:28:45ZTTPS: T1005, T1081, T1130, T1112, T1082,...

Malware Analysis – djvu – 892865bd136926da1ef72498bb1fb355

January 19, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 892865bd136926da1ef72498bb1fb355SHA1: 53103a535dd72d6156b0a2ba739071b98ec549a8ANALYSIS DATE: 2023-01-19T11:02:44ZTTPS: T1012, T1082, T1005, T1081,...

Malware Analysis – djvu – 30f074e92a9351c582e31b3be1e4a6c3

January 19, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:redline, family:rhadamanthys, family:smokeloader, family:vidar, botnet:19, botnet:test, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware, stealer, trojanMD5:...

Malware Analysis – djvu – 1c7c18d59d23a9901b0e2b8e48dcde2c

January 19, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, stealerMD5: 1c7c18d59d23a9901b0e2b8e48dcde2cSHA1: 4579072148edd252a0a6eaa87eea1a0f73599258ANALYSIS DATE: 2023-01-19T11:39:45ZTTPS: T1222, T1082, T1130, T1112, T1060...

Malware Analysis – – bf9859562a838793808f162f59a451a6

January 19, 2023

Score: 3 MALWARE FAMILY: TAGS:MD5: bf9859562a838793808f162f59a451a6SHA1: 6edf259df3a9031428ca8a2e56c4da1caff643afANALYSIS DATE: 2023-01-19T03:46:06ZTTPS: T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – smokeloader – 0ed65c594991f0a57f7209966ce2c081

January 19, 2023

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 0ed65c594991f0a57f7209966ce2c081SHA1: 101e646cddf7eb518ed185e1946b3a2715b21057ANALYSIS DATE: 2023-01-19T03:05:05ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – djvu – 1e61d2b0a41e30bb734ddbe53bb66880

January 19, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 1e61d2b0a41e30bb734ddbe53bb66880SHA1: 26dc0624b6d0286043cf55c3299bd14161f9e19fANALYSIS DATE: 2023-01-19T03:00:52ZTTPS: T1060, T1112, T1012, T1082,...

Malware Analysis – – 6e5b443ec0bb37d7d7a332ee1de244b0

January 19, 2023

Score: 3 MALWARE FAMILY: TAGS:MD5: 6e5b443ec0bb37d7d7a332ee1de244b0SHA1: 0973b62f00138342e2f605fd04fe66a408611ab5ANALYSIS DATE: 2023-01-19T03:49:06ZTTPS: T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – djvu – 1aef2be1b15c67a54cbc186937e4066d

January 19, 2023

Security

Cobalt Stike Beacon Detected – 121[.]4[.]154[.]240:4000

Cobalt Stike Beacon Detected – 194[.]165[.]16[.]62:443

Cobalt Stike Beacon Detected – 182[.]160[.]0[.]248:80

Posh C2 Detected – 146[.]190[.]86[.]212:4443

DragonCastle – A PoC That Combines AutodialDLL Lateral Movement Technique And SSP To Scrape NTLM Hashes From LSASS Process

Malware Analysis – djvu – c266d56f0bbea899b2cfa58f192a9f86

Malware Analysis – persistence – da8e21489a2c6c01ee676c304c8541c1

Malware Analysis – djvu – 50fee0fee96a3c681b9c47eada3fffdf

Malware Analysis – discovery – 133af41cfec522b7f583fcf77be37b1a

Malware Analysis – locky – fb6ca1cd232151d667f6cd2484fee8c8

Malware Analysis – djvu – 1e12ef6d811ea006a932860cd74b0282

Cobalt Stike Beacon Detected – 47[.]242[.]164[.]33:9998

Cobalt Stike Beacon Detected – 1[.]117[.]117[.]162:8888

Cobalt Stike Beacon Detected – 202[.]182[.]117[.]134:8087

Cobalt Stike Beacon Detected – 103[.]105[.]49[.]52:80

Malware Analysis – vidar – 6fb6025c04ba6fa3d4820aea944e3667

Malware Analysis – djvu – 892865bd136926da1ef72498bb1fb355

Malware Analysis – djvu – 30f074e92a9351c582e31b3be1e4a6c3

Malware Analysis – djvu – 1c7c18d59d23a9901b0e2b8e48dcde2c

Malware Analysis – – bf9859562a838793808f162f59a451a6

Malware Analysis – smokeloader – 0ed65c594991f0a57f7209966ce2c081

Malware Analysis – djvu – 1e61d2b0a41e30bb734ddbe53bb66880

Malware Analysis – – 6e5b443ec0bb37d7d7a332ee1de244b0

Malware Analysis – djvu – 1aef2be1b15c67a54cbc186937e4066d

[DRAGONFORCE] – Ransomware Victim: GB Mail

[AKIRA] – Ransomware Victim: Mold In Graphic Systems

[STORMOUS] – Ransomware Victim: !

CVE Alert: CVE-2025-12863 – Red Hat – Red Hat Enterprise Linux 10

Cobalt Strike Beacon Detected – 8[.]153[.]205[.]30:8080

You may have missed