threatintel

Malware Analysis – amadey – 49cd88e363a5f738cbbd54d592512330

March 27, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:redline, family:rhadamanthys, family:smokeloader, family:xmrig, botnet:koreamon, botnet:pub1, botnet:sprg, backdoor, discovery, evasion, infostealer, miner, persistence, ransomware,...

Malware Analysis – djvu – 23f7d98ddb2bafaefd121c30aeb2a7b1

March 27, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:00d92484c9b27bc8482a2cc94cacc508, discovery, persistence, ransomware, spyware, stealerMD5: 23f7d98ddb2bafaefd121c30aeb2a7b1SHA1: 56e0967ba750cc8b8a7eaaad287210ff494e32a9ANALYSIS DATE: 2023-03-27T16:43:01ZTTPS: T1012, T1082, T1053, T1005,...

Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools

March 27, 2023

Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and...

Where SSO Falls Short in Protecting SaaS

March 27, 2023

Single sign-on (SSO) is an authentication method that allows users to authenticate their identity for multiple applications with just one...

New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords

March 27, 2023

A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices....

LockBit 3.0 Ransomware Victim: mcna[.]net

March 27, 2023

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

LockBit 3.0 Ransomware Victim: ita-moulding-process[.]com

March 27, 2023

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

LockBit 3.0 Ransomware Victim: ulmacarretillas[.]com

March 27, 2023

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

FBI: Business email compromise tactics used to defraud U.S. vendors

March 27, 2023

The Federal Bureau of Investigation is warning companies in the U.S. of threat actors using tactics similar to business email...

Emotet malware distributed as fake W-9 tax forms from the IRS

March 27, 2023

A new Emotet phishing campaign is targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue...

Brute Ratel C4 Detected – 52[.]192[.]166[.]233:80

March 27, 2023

The Information provided at the time of posting was detected as "Brute Ratel C4". Depending on when you are viewing...

US-CERT Vulnerability Summary for the Week of March 13, 2023

March 26, 2023

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...

Malware Analysis – djvu – 4337baca641bc801e6223757534aee9d

March 26, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:00d92484c9b27bc8482a2cc94cacc508, discovery, persistence, ransomware, spyware, stealerMD5: 4337baca641bc801e6223757534aee9dSHA1: 6b73961e68d5988454ad04de870c7ea6570aeaf1ANALYSIS DATE: 2023-03-26T15:05:04ZTTPS: T1012, T1082, T1005, T1081,...

Malware Analysis – smokeloader – 4293ec458e657eeb42ca2ec2eb09b76d

March 26, 2023

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 4293ec458e657eeb42ca2ec2eb09b76dSHA1: 2589d4a26f3462d7bb19756c291b6ad9235abd21ANALYSIS DATE: 2023-03-26T15:23:02ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – djvu – c2c9766bc21d684fdb277faa414fd9ce

March 26, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:00d92484c9b27bc8482a2cc94cacc508, discovery, persistence, ransomware, spyware, stealerMD5: c2c9766bc21d684fdb277faa414fd9ceSHA1: 0570ff0ab1e3de949f78a28c3baad118cfaf3e14ANALYSIS DATE: 2023-03-26T15:15:31ZTTPS: T1222, T1082, T1005, T1081,...

Malware Analysis – amadey – a1c240e28cf9828fe5adc68119a57fa6

March 26, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:smokeloader, botnet:pub1, botnet:sprg, backdoor, discovery, ransomware, trojanMD5: a1c240e28cf9828fe5adc68119a57fa6SHA1: 0afbabe69316a1b24c1fc374e58247b14a821cc3ANALYSIS DATE: 2023-03-26T16:09:36ZTTPS: T1012, T1120, T1082,...

Malware Analysis – discovery – fea29a2bbc979a1a83a9887b62240d6e

March 26, 2023

Score: 8 MALWARE FAMILY: discoveryTAGS:discovery, exploitMD5: fea29a2bbc979a1a83a9887b62240d6eSHA1: b6c1ab3b84f50a1aa567c311b77fade00379b006ANALYSIS DATE: 2023-03-26T16:12:51ZTTPS: T1082, T1112, T1222 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...

Malware Analysis – discovery – 709002961b4a3d18185690cf820c4758

March 26, 2023

Score: 8 MALWARE FAMILY: discoveryTAGS:discovery, exploitMD5: 709002961b4a3d18185690cf820c4758SHA1: 9e45ade994f2d711f12fd1bdd24c76c29190d919ANALYSIS DATE: 2023-03-26T16:01:50ZTTPS: T1222, T1082, T1112 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...

Malware Analysis – – a4d576b2217f5bdcc4efca32e703e0a2

March 26, 2023

Score: 1 MALWARE FAMILY: TAGS:MD5: a4d576b2217f5bdcc4efca32e703e0a2SHA1: 5703dc18b0092465cc69af76897a0555b593f9abANALYSIS DATE: 2023-03-26T15:25:02ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...

Malware Analysis – djvu – 438c524825fa5796932fc0b3e71c5530

March 26, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:00d92484c9b27bc8482a2cc94cacc508, discovery, persistence, ransomware, spyware, stealerMD5: 438c524825fa5796932fc0b3e71c5530SHA1: f2078d3751e1c7df7c900be289051d0748ae22f7ANALYSIS DATE: 2023-03-26T16:47:46ZTTPS: T1053, T1005, T1081, T1012,...

Malware Analysis – djvu – 09a12cf0789b098cd676c9d8e239726a

March 26, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:00d92484c9b27bc8482a2cc94cacc508, discovery, persistence, ransomware, spyware, stealerMD5: 09a12cf0789b098cd676c9d8e239726aSHA1: 4e1059ceb454a080cbc96b95f60c65194f898976ANALYSIS DATE: 2023-03-26T16:22:08ZTTPS: T1082, T1012, T1053, T1060,...

Malware Analysis – amadey – d5f44fb56fbe9aa34059918852502617

March 26, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:pseudomanuscrypt, family:redline, family:smokeloader, family:vidar, botnet:00d92484c9b27bc8482a2cc94cacc508, botnet:koreamon, botnet:pub1, botnet:sprg, backdoor, discovery, infostealer, loader, persistence, ransomware,...

Malware Analysis – djvu – 294f2eaa193bad38c22be347cb2edd88

March 26, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:00d92484c9b27bc8482a2cc94cacc508, discovery, persistence, ransomware, spyware, stealerMD5: 294f2eaa193bad38c22be347cb2edd88SHA1: 759cb9fff31528b19c2574b48c030e9eb77d355fANALYSIS DATE: 2023-03-26T16:26:10ZTTPS: T1012, T1082, T1060, T1112,...

Malware Analysis – ransomware – 3b8e23af5c43555dce7c6e90a0828ef4

March 26, 2023

Score: 6 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 3b8e23af5c43555dce7c6e90a0828ef4SHA1: d2eb46086dae54f298d00874e11677ddd58e2a34ANALYSIS DATE: 2023-03-26T17:25:43ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...

threatintel

Malware Analysis – amadey – 49cd88e363a5f738cbbd54d592512330

Malware Analysis – djvu – 23f7d98ddb2bafaefd121c30aeb2a7b1

Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools

Where SSO Falls Short in Protecting SaaS

New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords

LockBit 3.0 Ransomware Victim: mcna[.]net

LockBit 3.0 Ransomware Victim: ita-moulding-process[.]com

LockBit 3.0 Ransomware Victim: ulmacarretillas[.]com

FBI: Business email compromise tactics used to defraud U.S. vendors

Emotet malware distributed as fake W-9 tax forms from the IRS

Brute Ratel C4 Detected – 52[.]192[.]166[.]233:80

US-CERT Vulnerability Summary for the Week of March 13, 2023

Malware Analysis – djvu – 4337baca641bc801e6223757534aee9d

Malware Analysis – smokeloader – 4293ec458e657eeb42ca2ec2eb09b76d

Malware Analysis – djvu – c2c9766bc21d684fdb277faa414fd9ce

Malware Analysis – amadey – a1c240e28cf9828fe5adc68119a57fa6

Malware Analysis – discovery – fea29a2bbc979a1a83a9887b62240d6e

Malware Analysis – discovery – 709002961b4a3d18185690cf820c4758

Malware Analysis – – a4d576b2217f5bdcc4efca32e703e0a2

Malware Analysis – djvu – 438c524825fa5796932fc0b3e71c5530

Malware Analysis – djvu – 09a12cf0789b098cd676c9d8e239726a

Malware Analysis – amadey – d5f44fb56fbe9aa34059918852502617

Malware Analysis – djvu – 294f2eaa193bad38c22be347cb2edd88

Malware Analysis – ransomware – 3b8e23af5c43555dce7c6e90a0828ef4

[QILIN] – Ransomware Victim: Rex-Hide

CVE Alert: CVE-2025-4519 – themeatelier – IDonate – Blood Donation, Request And Donor Management System

CVE Alert: CVE-2025-5483 – niaj – Connector Wizard (formerly LC Wizard)

[STORMOUS] – Ransomware Victim: www[.]marjane[.]ma

Synthient Credential Stuffing Threat Data – 1,957,476,021 breached accounts

You may have missed