The Week in Ransomware – February 10th 2023 – Clop’s Back
From ongoing attacks targeting ESXi servers to sanctions on Conti/TrickBot members, it has been quite a busy week regarding ransomware....
North Korean hackers have found a way around U.S.-imposed sanctions to launder the cryptocurrency proceeds from their heists, according to...
The U.S. Federal Trade Commission (FTC) says Americans once again reported record losses of $1.3 billion to romance scams in...
Spain's National Police and the U.S. Secret Service have dismantled a Madrid-based international cybercrime ring comprised of nine members who...
Pepsi Bottling Ventures LLC suffered a data breach caused by a network intrusion that resulted in the installation of information-stealing...
A new ransomware group going by the name 'DarkBit' has hit Technion - Israel Institute of Technology, one of Israel's leading...
International high-speed rail operator, Eurostar, is emailing its users this week and forcing them to reset their account passwords in a bid to "upgrade"...
This weekend, Cloudflare blocked what it describes as the largest volumetric distributed denial-of-service (DDoS) attack to date. The company said...
Over 450 malicious PyPI python packages were found installing malicious browser extensions to hijack cryptocurrency transactions made through browser-based crypto...
Hackers conducting a new financially motivated campaign are using a variant of the Xortist commodity ransomware named 'MortalKombat,' together with...
Apple has released emergency security updates to address a new zero-day vulnerability used in attacks to hack iPhones, iPads, and...
The APT37 threat group uses a new evasive 'M2RAT' malware and steganography to target individuals for intelligence collection. APT37, also...
Community Health Systems (CHS) says it was impacted by a recent wave of attacks targeting a zero-day vulnerability in Fortra’s...
A new stealthy malware named 'Beep' was discovered last week, featuring many features to evade analysis and detection by security...
Microsoft has reminded admins that Exchange Server 2013 is reaching its extended end-of-support (EOS) date in 60 days, on April...
A new set of 16 malicious NPM packages are pretending to be internet speed testers but are, in reality, coinminers...
Google announced on Tuesday that it's officially rolling out Privacy Sandbox on Android in beta to eligible mobile devices running...