CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA Adds Three Known Exploited Vulnerabilities to Catalog CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog,...
threatintel
CISA: Cisco Releases Security Advisories for Multiple Products
Cisco Releases Security Advisories for Multiple Products Cisco has released security updates for vulnerabilities affecting Industrial Network Director (IND), Modeling...
US-CERT Vulnerability Summary for the Week of April 10, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
PowerMeUp – A Small Library Of Powershell Scripts For Post Exploitation That You May Need Or Use!
This is a powershell reverse shell that executes the commands and or scripts that you add to the powerreverse.ps1 file...
Malware Analysis – djvu – 58bed43c59725777ba297b624a20aa9b
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:bf58e1879f88b222ba2391682babf9d8, discovery, persistence, ransomware, spyware, stealerMD5: 58bed43c59725777ba297b624a20aa9bSHA1: bf9175aa263d1430e14ba0d82c4b22dd8bce8fc2ANALYSIS DATE: 2023-04-22T15:30:39ZTTPS: T1005, T1081, T1222, T1082,...
Malware Analysis – nemty – 0000efd7a890e1e1a93e481288f5bd2a
Score: 10 MALWARE FAMILY: nemtyTAGS:family:nemty, ransomwareMD5: 0000efd7a890e1e1a93e481288f5bd2aSHA1: b5c5386dcbd850262a7a81ff818343dc306e58ceANALYSIS DATE: 2023-04-22T15:37:03ZTTPS: T1107, T1490, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...
Malware Analysis – sodinokibi – fa8117afd2dbd20513522f2f8e991262
Score: 10 MALWARE FAMILY: sodinokibiTAGS:family:sodinokibi, botnet:$2b$13$wz1rerfdlg.aistldqg5jeqqysemspatwkhdwbpwvrc3ty7akscg6, campaign:49, ransomwareMD5: fa8117afd2dbd20513522f2f8e991262SHA1: f7b876edb8fc0c83fd8b665d3c5a1050d4396302ANALYSIS DATE: 2023-04-22T15:31:03ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...
Malware Analysis – evasion – e634caa91e10f27736e85527c9689850
Score: 9 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: e634caa91e10f27736e85527c9689850SHA1: 92cf5e1ba154a02cf99e98a927f328b8332bbf5cANALYSIS DATE: 2023-04-22T15:59:51ZTTPS: T1490 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...
Malware Analysis – – c34c49a9b96d5a7d748a0a4d9710c724
Score: 6 MALWARE FAMILY: TAGS:MD5: c34c49a9b96d5a7d748a0a4d9710c724SHA1: ff1f0f83fb7ad3de4a6575c8e74e829047a41e87ANALYSIS DATE: 2023-04-22T15:39:02ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...
Malware Analysis – djvu – 4656b7d2f66e89e0e4abd1d89644cd28
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:bf58e1879f88b222ba2391682babf9d8, discovery, persistence, ransomware, spyware, stealerMD5: 4656b7d2f66e89e0e4abd1d89644cd28SHA1: 3edeb841721f62785d3c2d79efbe7500438dacaeANALYSIS DATE: 2023-04-22T17:10:25ZTTPS: T1005, T1081, T1012, T1082,...
Malware Analysis – amadey – 478b577f1c2f29eac6bf1c49bab3e999
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:lumma, family:rhadamanthys, family:smokeloader, family:vidar, family:xmrig, botnet:bf58e1879f88b222ba2391682babf9d8, botnet:pub1, backdoor, collection, discovery, evasion, miner, persistence, ransomware,...
Malware Analysis – amadey – d9b10e1835acff0918213a43a4d6c29d
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:lumma, family:rhadamanthys, family:smokeloader, family:vidar, family:xmrig, botnet:bf58e1879f88b222ba2391682babf9d8, botnet:pub1, backdoor, collection, discovery, evasion, miner, persistence, ransomware,...
Malware Analysis – djvu – c4c89fbaf5fec1345072aa7fab40c017
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:bf58e1879f88b222ba2391682babf9d8, discovery, persistence, ransomware, spyware, stealerMD5: c4c89fbaf5fec1345072aa7fab40c017SHA1: 3abc91a497a4fbaea1da12dccd4a5b1516c022b6ANALYSIS DATE: 2023-04-22T16:30:48ZTTPS: T1005, T1081, T1060, T1112,...
Play Ransomware Victim: UECC
Play News Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Play Ransomware Victim: Groupe Gambetta
Play News Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Black Basta Ransomware Victim: Yellow Pages
Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: stuertz[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Vice Society Ransomware Victim: Neptune Lines
Vice Society Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV)...
Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach
Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure...
Karakurt Ransomware Victim: Wynn-Reeth
KARAKURT RANSOMWARE NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of...
University websites using MediaWiki, TWiki hacked to serve Fortnite spam
Websites of multiple U.S. universities are serving Fortnite and 'gift card' spam. Researchers observed Wiki and documentation pages being hosted by universities including Stanford, MIT, Berkeley,...
The Week in Ransomware – April 21st 2023 – Macs in the Crosshairs
A lot of news broke this week related to ransomware, with the discovery of LockBit testing macOS encryptors to an...
Kubernetes RBAC abused to create persistent cluster backdoors
Hackers use a novel method involving RBAC (Role-Based Access Control) to create persistent backdoor accounts on Kubernetes clusters and hijack...
