New ‘Blank Image’ attack hides phishing scripts in SVG files
An unusual phishing technique has been observed in the wild, hiding empty SVG files inside HTML attachments pretending to be...
threatintel
Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner
Yum! Brands, the fast food brand operator of KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill fast-food restaurant...
T-Mobile hacked to steal data of 37 million accounts in API data breach
T-Mobile disclosed a new data breach after a threat actor stole the personal information of 37 million current postpaid and prepaid customer...
Exploit released for critical ManageEngine RCE bug, patch now
Proof-of-concept exploit code is now available for a remote code execution (RCE) vulnerability in multiple Zoho ManageEngine products. This pre-authentication...
New ‘Hook’ Android malware lets hackers remotely control your phone
A new Android malware named 'Hook' is being sold by cybercriminals, boasting it can remotely take over mobile devices in...
Vice Society Ransomware Victim: Monmouth College
Vice Society Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Vice Society Ransomware Victim: University of Duisburg-Essen
Vice Society Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Cobalt Stike Beacon Detected – 121[.]4[.]154[.]240:4000
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 194[.]165[.]16[.]62:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 182[.]160[.]0[.]248:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Posh C2 Detected – 146[.]190[.]86[.]212:4443
The Information provided at the time of posting was detected as "Posh C2". Depending on when you are viewing this...
DragonCastle – A PoC That Combines AutodialDLL Lateral Movement Technique And SSP To Scrape NTLM Hashes From LSASS Process
A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process. Description Upload a...
Malware Analysis – djvu – c266d56f0bbea899b2cfa58f192a9f86
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: c266d56f0bbea899b2cfa58f192a9f86SHA1: 0f2191d9571e04ed4cf14188b9eab8f210f6c652ANALYSIS DATE: 2023-01-19T16:59:57ZTTPS: T1222, T1082, T1005, T1081,...
Malware Analysis – persistence – da8e21489a2c6c01ee676c304c8541c1
Score: 8 MALWARE FAMILY: persistenceTAGS:persistenceMD5: da8e21489a2c6c01ee676c304c8541c1SHA1: 40e6d3aa1f0fa21fae1a9563174b45b432aa3306ANALYSIS DATE: 2023-01-19T17:42:31ZTTPS: T1060, T1112, T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – djvu – 50fee0fee96a3c681b9c47eada3fffdf
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 50fee0fee96a3c681b9c47eada3fffdfSHA1: db64c7d74705e4a3c08ca50c140fa84d3c4fce09ANALYSIS DATE: 2023-01-19T17:22:07ZTTPS: T1012, T1222, T1082, T1005,...
Malware Analysis – locky – fb6ca1cd232151d667f6cd2484fee8c8
Score: 10 MALWARE FAMILY: lockyTAGS:family:locky, ransomwareMD5: fb6ca1cd232151d667f6cd2484fee8c8SHA1: f7bb52767afd2cd32ede8b5f83012eb99ba1ce28ANALYSIS DATE: 2023-01-19T17:42:29ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...
Malware Analysis – discovery – 133af41cfec522b7f583fcf77be37b1a
Score: 8 MALWARE FAMILY: discoveryTAGS:discoveryMD5: 133af41cfec522b7f583fcf77be37b1aSHA1: 50fde70e193eeea8d15c13dfc62cdcb4cbc2bcd0ANALYSIS DATE: 2023-01-19T17:13:15ZTTPS: T1082, T1012 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...
LockBit 3.0 Ransomware Victim: tvk[.]nl
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Bitzlato crypto exchange seized for ransomware, drugs money laundering
The U.S. Department of Justice arrested and charged Russian national Anatoly Legkodymov, the founder of the Hong Kong-registered cryptocurrency exchange...
Product Security Incident Response: Key Strategies and Best Practices
Written By: Samuel Cure, CISO, AMI In today's digital landscape, it is essential to implement proactive measures to ensure the...
Ukraine links data-wiping attack on news agency to Russian hackers
The Computer Emergency Response Team of Ukraine (CERT-UA) has linked a destructive malware attack targeting the country's national news agency...
Illegal Solaris darknet market hijacked by competitor Kraken
Solaris, a large darknet marketplace focused on drugs and illegal substances, has been taken over by a smaller competitor named...
MailChimp discloses new breach after employees got hacked
Email marketing firm MailChimp suffered another breach after hackers accessed an internal customer support and account administration tool, allowing the...
Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner
Hackers are setting up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google...
