Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT
We intercepted a cryptocurrency mining attack that incorporated an advanced remote access trojan (RAT) named the CHAOS Remote Administrative Tool....
threatintel
US-CERT Bulletin (SB22-346):Vulnerability Summary for the Week of December 5, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
CISA: Fortinet Releases Security Updates for FortiOS
Fortinet Releases Security Updates for FortiOS Fortinet has released security updates to address a heap-based buffer overflow vulnerability (CVE-2022-42475) in...
Fortinet urges customers to fix actively exploited FortiOS SSL-VPN bug
Fortinet fixed an actively exploited FortiOS SSL-VPN flaw that could allow a remote, unauthenticated attacker to execute arbitrary code on devices....
LockBit 3.0 Ransomware Victim: tdtu[.]edu[.]vn
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: sentecgroup[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: financierareyes[.]com[.]mx
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: k-toko[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: veolus[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
LockBit 3.0 Ransomware Victim: dof[.]ca[.]gov
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: rkfoodland[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: luxeprint[.]com[.]tw
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Indian foreign ministry’s Global Pravasi Rishta portal leaks expat passport details
The Cybernews research team reported that India’s government platform Global Pravasi Rishta Portal was leaking sensitive user data. Original post...
Malware Analysis – djvu – a086c884d1dc2920e8a959fcb8457f93
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, family:vidar, botnet:1808, botnet:517, backdoor, collection, discovery, persistence, ransomware, spyware, stealer, trojanMD5: a086c884d1dc2920e8a959fcb8457f93SHA1: 8a3e9388794c8ba3fcfd43906ea7942673cf26b0ANALYSIS DATE:...
Malware Analysis – medusalocker – 8645a413332f840e925bac3cf19ceb57
Score: 10 MALWARE FAMILY: medusalockerTAGS:family:medusalocker, evasion, ransomware, spyware, stealer, trojanMD5: 8645a413332f840e925bac3cf19ceb57SHA1: 87ca0cd2e1c04c2437d302f2864d1e68ea991677ANALYSIS DATE: 2022-12-12T15:09:16ZTTPS: T1005, T1081, T1082, T1088, T1089, T1112,...
Malware Analysis – djvu – 182bfc9ec8306d1ca638b0b503e6a941
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 182bfc9ec8306d1ca638b0b503e6a941SHA1: 3c92e8ce9be9b144be327fd7c8dc5becf25ed136ANALYSIS DATE: 2022-12-12T15:22:23ZTTPS: T1222, T1005, T1081, T1012,...
Malware Analysis – smokeloader – 0453295e7a2cbdaaeeb55c35d79027c9
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 0453295e7a2cbdaaeeb55c35d79027c9SHA1: 929e1d564f254ef3be6bc198db6baca7707fa67eANALYSIS DATE: 2022-12-12T17:05:45ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – djvu – d39f81d9c3234aef7cd5d6bd996686f3
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: d39f81d9c3234aef7cd5d6bd996686f3SHA1: a35001f1dcefbebe6087cd08132c141f12eed152ANALYSIS DATE: 2022-12-12T16:22:53ZTTPS: T1222, T1053, T1012, T1060,...
Malware Analysis – djvu – 117665adcf6258541591a576ef8f1bb0
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, family:vidar, botnet:1808, botnet:517, backdoor, bootkit, collection, discovery, persistence, ransomware, spyware, stealer, trojanMD5: 117665adcf6258541591a576ef8f1bb0SHA1: b479d82bd0b2bf6f207de043aa394a15437d84baANALYSIS...
Malware Analysis – persistence – 842d42bb052a77759c8f55d46021b2e0
Score: 10 MALWARE FAMILY: persistenceTAGS:persistence, ransomware, spyware, stealerMD5: 842d42bb052a77759c8f55d46021b2e0SHA1: 497403d1ba51ce198a46221395daf240c206bb36ANALYSIS DATE: 2022-12-12T17:28:00ZTTPS: T1005, T1081, T1082, T1012, T1120, T1060, T1112 ScoreMeaningExample10Known...
Malware Analysis – djvu – 9746e931befe5203bf5508cfa8cd17d1
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, family:vidar, botnet:1808, backdoor, bootkit, collection, discovery, persistence, ransomware, spyware, stealer, trojanMD5: 9746e931befe5203bf5508cfa8cd17d1SHA1: 31835e5a238cd99e0fa36643077fd657bd48f8a1ANALYSIS DATE:...
Malware Analysis – djvu – b5690302c24d9b994a654ade98a39c88
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: b5690302c24d9b994a654ade98a39c88SHA1: 944f6ed97f130119dbc71158fd28fff3aa38832bANALYSIS DATE: 2022-12-12T17:20:54ZTTPS: T1005, T1081, T1060, T1112,...
Malware Analysis – smokeloader – 7ca4d4ca99e04052b638422677b7add0
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 7ca4d4ca99e04052b638422677b7add0SHA1: fc4741e176b584dca91476331597a3c3d3369657ANALYSIS DATE: 2022-12-12T17:17:06ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Cryptomining campaign targets Linux systems with Go-based CHAOS Malware
Researchers spotted a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). In November 2022, Trend Micro researchers...
