Security

Cobalt Stike Beacon Detected – 66[.]112[.]220[.]31:8080

December 22, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – smokeloader – 88d7dc05b7794c43d3139459c59887c3

December 22, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 88d7dc05b7794c43d3139459c59887c3SHA1: 22394c449abe2646eb9ad38ad21c535b24c88049ANALYSIS DATE: 2022-12-22T10:33:04ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Cobalt Stike Beacon Detected – 117[.]50[.]184[.]22:8686

December 22, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – – 26140638e7b26263ccb6060488bd66db

December 22, 2022

Score: 1 MALWARE FAMILY: TAGS:MD5: 26140638e7b26263ccb6060488bd66dbSHA1: e9ffb621ae7b601c3a0e567bd8fc0c97bed71497ANALYSIS DATE: 2022-12-22T11:15:41ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...

Malware Analysis – djvu – 43d1e65899d0b271d1fba91b5790903c

December 22, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, discovery, persistence, ransomware, spyware, stealerMD5: 43d1e65899d0b271d1fba91b5790903cSHA1: 76f798556f63316fb401b44a83209da04c7f76ffANALYSIS DATE: 2022-12-22T10:45:50ZTTPS: T1005, T1081, T1012, T1060, T1112, T1082,...

Malware Analysis – amadey – 2b79f0afb2dc42c780798c703991a6b7

December 22, 2022

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:redline, family:smokeloader, botnet:mario23_10, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware, stealer, trojanMD5: 2b79f0afb2dc42c780798c703991a6b7SHA1: 98c46412d503e36d2178066a3ce2b24f49c280a1ANALYSIS...

Cobalt Stike Beacon Detected – 81[.]70[.]11[.]25:8443

December 22, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 77[.]73[.]131[.]193:80

December 22, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 84[.]32[.]128[.]5:88

December 22, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 110[.]41[.]131[.]105:5555

December 22, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – evasion – 0ada88218b67a313a4f5ab0062fbc4e6

December 22, 2022

Score: 10 MALWARE FAMILY: evasionTAGS:evasion, persistence, ransomware, trojanMD5: 0ada88218b67a313a4f5ab0062fbc4e6SHA1: 15dfcef932d666fdc7501bcee357ec2aabfcfdeeANALYSIS DATE: 2022-12-21T22:21:20ZTTPS: T1004, T1112, T1107, T1490, T1082, T1088, T1089, T1491...

Cobalt Stike Beacon Detected – 193[.]47[.]61[.]29:8080

December 22, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – persistence – 54919e1bd37c6431b3b1b8b6d53aabfe

December 22, 2022

Score: 8 MALWARE FAMILY: persistenceTAGS:persistence, ransomwareMD5: 54919e1bd37c6431b3b1b8b6d53aabfeSHA1: c2327bab84fa0d55cc23ee5006c83f0a6dc53e4cANALYSIS DATE: 2022-12-21T22:31:04ZTTPS: T1060, T1112 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...

Malware Analysis – djvu – 2b2f148a884ecb4e1d0e2e785d3906c0

December 22, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, discovery, persistence, ransomware, spyware, stealerMD5: 2b2f148a884ecb4e1d0e2e785d3906c0SHA1: b01445b11ebadf9e8cc7f6d56aad2c262806bfe8ANALYSIS DATE: 2022-12-21T23:55:03ZTTPS: T1005, T1081, T1012, T1082, T1053, T1060,...

Malware Analysis – persistence – 155717a88626227ad8d01c821dbf71ab

December 22, 2022

Score: 8 MALWARE FAMILY: persistenceTAGS:persistence, ransomware, upxMD5: 155717a88626227ad8d01c821dbf71abSHA1: 4622f32d8c97d5a457f4e9ad58aa153acd8cbfacANALYSIS DATE: 2022-12-21T23:20:54ZTTPS: T1060, T1112 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...

Malware Analysis – djvu – 3ca3558a8b09fb85c4ad02c9c23ccee0

December 22, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, discovery, persistence, ransomware, spyware, stealerMD5: 3ca3558a8b09fb85c4ad02c9c23ccee0SHA1: c9646bc7543a3f42d471510d48324b806b07c6f6ANALYSIS DATE: 2022-12-21T22:34:34ZTTPS: T1012, T1005, T1081, T1222, T1053, T1082,...

A Technical Analysis of CVE-2022-22583 and CVE-2022-32800

December 21, 2022

This blog entry discusses the technical details of how we exploited CVE-2022-22583 using a different method. We also tackle the...

Detecting Windows AMSI Bypass Techniques

December 21, 2022

We look into some of the implementations that cybercriminals use to bypass the Windows Antimalware Scan Interface (AMSI) and how...

Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks

December 21, 2022

From September to December, we detected multiple attacks from the Royal ransomware group. In this blog entry, we discuss findings...

Malware Analysis – evasion – fd9170ec42a74eb94ad7e4d23fc793ba

December 21, 2022

Score: 10 MALWARE FAMILY: evasionTAGS:evasion, persistence, ransomware, trojanMD5: fd9170ec42a74eb94ad7e4d23fc793baSHA1: a541035a5fdc235e19d71fa42dc53f02c9a5b379ANALYSIS DATE: 2022-12-21T16:34:21ZTTPS: T1102, T1004, T1112, T1088, T1089, T1491, T1082, T1012...

Malware Analysis – djvu – 5bb7092fb1f0adf06c2ab31aab04ae33

December 21, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, discovery, persistence, ransomwareMD5: 5bb7092fb1f0adf06c2ab31aab04ae33SHA1: a44f5a01b2786183c9d5f7f282ade30736a35254ANALYSIS DATE: 2022-12-21T16:56:06ZTTPS: T1130, T1112, T1060, T1222, T1082, T1053 ScoreMeaningExample10Known badA...

Malware Analysis – persistence – 83a31d74585bfebeadfdc651acad3159

December 21, 2022

Score: 8 MALWARE FAMILY: persistenceTAGS:persistence, ransomwareMD5: 83a31d74585bfebeadfdc651acad3159SHA1: 927908c24c7b9fb067400040b6672898d2618443ANALYSIS DATE: 2022-12-21T17:44:07ZTTPS: T1060, T1112 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...

Malware Analysis – persistence – 62212183c9d54195239f18d9c42e7407

December 21, 2022

Score: 8 MALWARE FAMILY: persistenceTAGS:persistence, ransomware, upxMD5: 62212183c9d54195239f18d9c42e7407SHA1: dee3dcb4795a6318f06d80ef110ce04fbc5f3bbaANALYSIS DATE: 2022-12-21T17:56:05ZTTPS: T1060, T1112 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...

Malware Analysis – ransomware – b3f5d8a881bf8c1c0431cb6b9747918f

December 21, 2022

Score: 10 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: b3f5d8a881bf8c1c0431cb6b9747918fSHA1: 7c2b61a227133ce76c2b2fa95945c82647cfb5fcANALYSIS DATE: 2022-12-21T17:48:05ZTTPS: T1082, T1107, T1490, T1012, T1120 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Security

Cobalt Stike Beacon Detected – 66[.]112[.]220[.]31:8080

Malware Analysis – smokeloader – 88d7dc05b7794c43d3139459c59887c3

Cobalt Stike Beacon Detected – 117[.]50[.]184[.]22:8686

Malware Analysis – – 26140638e7b26263ccb6060488bd66db

Malware Analysis – djvu – 43d1e65899d0b271d1fba91b5790903c

Malware Analysis – amadey – 2b79f0afb2dc42c780798c703991a6b7

Cobalt Stike Beacon Detected – 81[.]70[.]11[.]25:8443

Cobalt Stike Beacon Detected – 77[.]73[.]131[.]193:80

Cobalt Stike Beacon Detected – 84[.]32[.]128[.]5:88

Cobalt Stike Beacon Detected – 110[.]41[.]131[.]105:5555

Malware Analysis – evasion – 0ada88218b67a313a4f5ab0062fbc4e6

Cobalt Stike Beacon Detected – 193[.]47[.]61[.]29:8080

Malware Analysis – persistence – 54919e1bd37c6431b3b1b8b6d53aabfe

Malware Analysis – djvu – 2b2f148a884ecb4e1d0e2e785d3906c0

Malware Analysis – persistence – 155717a88626227ad8d01c821dbf71ab

Malware Analysis – djvu – 3ca3558a8b09fb85c4ad02c9c23ccee0

A Technical Analysis of CVE-2022-22583 and CVE-2022-32800

Detecting Windows AMSI Bypass Techniques

Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks

Malware Analysis – evasion – fd9170ec42a74eb94ad7e4d23fc793ba

Malware Analysis – djvu – 5bb7092fb1f0adf06c2ab31aab04ae33

Malware Analysis – persistence – 83a31d74585bfebeadfdc651acad3159

Malware Analysis – persistence – 62212183c9d54195239f18d9c42e7407

Malware Analysis – ransomware – b3f5d8a881bf8c1c0431cb6b9747918f

CVE Alert: CVE-2025-10058 – smackcoders – WP Import – Ultimate CSV XML Importer for WordPress

CVE Alert: CVE-2025-10057 – smackcoders – WP Import – Ultimate CSV XML Importer for WordPress

CVE Alert: CVE-2025-10143 – catchthemes – Catch Dark Mode

CVE Alert: CVE-2025-10589 – N-Partner – N-Reporter

Cobalt Strike Beacon Detected – 38[.]173[.]19[.]175:8731

You may have missed