CISA: CISA Releases SSVC Methodology to Prioritize Vulnerabilities
CISA Releases SSVC Methodology to Prioritize Vulnerabilities Today CISA published its guide on Stakeholder-Specific Vulnerability Categorization (SSVC), a vulnerability management...
threatintel
A bug in ABB Totalflow flow computers exposed oil and gas companies to attack
A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to...
NGWAF – First Iteration Of ML Based Feedback WAF
This can be achieved in the following steps: Create a new dataset (.csv) for upload in the following format...
Cobalt Stike Beacon Detected – 101[.]43[.]4[.]39:8443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 120[.]27[.]227[.]99:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – azov – 6468ee100d88c71d55dfdcf4e30f991e
Score: 10 MALWARE FAMILY: azovTAGS:family:azov, ransomware, spyware, stealer, wiperMD5: 6468ee100d88c71d55dfdcf4e30f991eSHA1: 5c520d2d7dc4c9e5d536d3aff998185657d40ac8ANALYSIS DATE: 2022-11-10T09:01:07ZTTPS: T1012, T1120, T1082, T1005, T1081 ScoreMeaningExample10Known badA...
Malware Analysis – azov – ffee009b572a16093cfffe7f8e3d963a
Score: 10 MALWARE FAMILY: azovTAGS:family:azov, persistence, ransomware, wiperMD5: ffee009b572a16093cfffe7f8e3d963aSHA1: c499d2778dc2746a08ef90d259e2f6834ed17cdfANALYSIS DATE: 2022-11-10T09:00:45ZTTPS: T1012, T1120, T1082, T1060, T1112 ScoreMeaningExample10Known badA malware...
Cobalt Stike Beacon Detected – 101[.]201[.]35[.]218:6666
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 107[.]174[.]95[.]204:6666
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 124[.]221[.]207[.]103:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 47[.]96[.]136[.]229:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – wannacry – 9f73c18d38017fdef2011b186dead35b
Score: 10 MALWARE FAMILY: wannacryTAGS:family:wannacry, discovery, ransomware, wormMD5: 9f73c18d38017fdef2011b186dead35bSHA1: de15099805cce28f7fec1edf701e3d1f14d66f51ANALYSIS DATE: 2022-11-10T10:00:31ZTTPS: T1046 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...
Malware Analysis – wannacry – 2246127934495b3206cb318271092a5d
Score: 10 MALWARE FAMILY: wannacryTAGS:family:wannacry, discovery, ransomware, wormMD5: 2246127934495b3206cb318271092a5dSHA1: bb1d5148afc44635a9e103de45441c4c75db64aaANALYSIS DATE: 2022-11-10T10:40:26ZTTPS: T1046 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...
Malware Analysis – chaos – f28dab0d7488b9d69a566c9ca7c084e1
Score: 10 MALWARE FAMILY: chaosTAGS:family:chaos, evasion, persistence, ransomware, spyware, stealerMD5: f28dab0d7488b9d69a566c9ca7c084e1SHA1: 32537b66204e8c76642da46aa286433cb868b453ANALYSIS DATE: 2022-11-10T10:20:08ZTTPS: T1490, T1059, T1107, T1005, T1081, T1082,...
Malware Analysis – djvu – 068a01b46b7fd84d9d37d37b9307c514
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 068a01b46b7fd84d9d37d37b9307c514SHA1: 5b659a6d2c3c3c3e79e2dff0e0d61abe0d6e5325ANALYSIS DATE: 2022-11-10T10:53:29ZTTPS: T1222, T1082, T1005, T1081,...
Malware Analysis – blackcat – d28d12f328105aa089129301da9919d0
Score: 10 MALWARE FAMILY: blackcatTAGS:family:blackcat, discovery, evasion, ransomware, trojanMD5: d28d12f328105aa089129301da9919d0SHA1: 234f34e9725dadcf109e3c8065f1841d4c2f74e9ANALYSIS DATE: 2022-11-10T11:04:58ZTTPS: T1107, T1490, T1012, T1120, T1082, T1089, T1112,...
Malware Analysis – amadey – 29edbd2942ee93a290930a8384fb0362
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:dcrat, family:djvu, family:raccoon, family:redline, family:smokeloader, family:vidar, botnet:517, botnet:53508e7dc4e08bd33122d190a04a1200, botnet:mario23_10, backdoor, collection, discovery, infostealer, persistence, ransomware,...
Malware Analysis – ransomware – 4617028009902b4530adbfee151d3126
Score: 10 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 4617028009902b4530adbfee151d3126SHA1: 186828382c2d4e3be2054675614bef990972b23aANALYSIS DATE: 2022-11-10T11:00:18ZTTPS: T1059, T1107, T1490 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...
Malware Analysis – wannacry – b54c96716a5453ad729d91bb5fb39bf9
Score: 10 MALWARE FAMILY: wannacryTAGS:family:wannacry, discovery, ransomware, wormMD5: b54c96716a5453ad729d91bb5fb39bf9SHA1: c72f2c21ef5e82132fd1c68f4e0afe6e0a94ccf6ANALYSIS DATE: 2022-11-10T11:00:32ZTTPS: T1046 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...
Posh C2 Detected – 20[.]218[.]128[.]59:443
The Information provided at the time of posting was detected as "Posh C2". Depending on when you are viewing this...
APT29 abused the Windows Credential Roaming in an attack against a diplomatic entity
Russia-linked APT29 cyberespionage group exploited a Windows feature called Credential Roaming to target a European diplomatic entity. Mandiant researchers in...
Lenovo warns of flaws that can be used to bypass security features
Lenovo fixed two high-severity flaws impacting various laptop models that could allow an attacker to deactivate UEFI Secure Boot. Lenovo...
Cybersecurity threats: what awaits us in 2023?
Knowing what the future holds can help with being prepared for emerging threats better. Every year, Kaspersky experts prepare forecasts...
Malware Analysis – discovery – 05e03d4e8ba3590bb057f6e6abae5460
Score: 8 MALWARE FAMILY: discoveryTAGS:discovery, exploitMD5: 05e03d4e8ba3590bb057f6e6abae5460SHA1: e33d353a0d9c6b463859e4939b473c1eedcbd34cANALYSIS DATE: 2022-11-08T20:42:51ZTTPS: T1222 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...
