Year: 2022

Canadian mining firm shuts down mill after ransomware attack

December 31, 2022

The Canadian Copper Mountain Mining Corporation (CMMC) in British Columbia has announced that it was the target of a ransomware attack...

New Linux malware uses 30 plugin exploits to backdoor WordPress sites

December 31, 2022

A previously unknown Linux malware has been exploiting 30 vulnerabilities in multiple outdated WordPress plugins and themes to inject malicious JavaScript. According to...

LockBit ransomware claims attack on Port of Lisbon in Portugal

December 31, 2022

An cyberattack hitting the Port of Lisbon Administration (APL), the third-largest port in Portugal, on Christmas day has been claimed...

LockBit 3.0 Ransomware Victim: hacla[.]org

December 31, 2022

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

LockBit 3.0 Ransomware Victim: sickkids[.]ca

December 31, 2022

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

Malware Analysis – amadey – caea0d7d729cd98183ab8f89d159ed96

December 31, 2022

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:lgoogloader, family:smokeloader, family:vidar, botnet:19, backdoor, collection, discovery, downloader, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5:...

Malware Analysis – discovery – 247a35851fdee53a1696715d67bd0905

December 31, 2022

Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, evasion, exploit, persistence, trojanMD5: 247a35851fdee53a1696715d67bd0905SHA1: d2e86020e1d48e527e81e550f06c651328bd58a4ANALYSIS DATE: 2022-12-31T14:59:41ZTTPS: T1082, T1112, T1042, T1088, T1089, T1222, T1004,...

Royal Ransomware Victim: QUT

December 31, 2022

RoyalRansomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the...

Malware Analysis – smokeloader – 124b03b3d75478abea2f458fee60959d

December 31, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 124b03b3d75478abea2f458fee60959dSHA1: 904c8a2dd40b96e58ff1cec864a2a210aa48c887ANALYSIS DATE: 2022-12-31T15:42:09ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – gozi – 5f5e0c106041d9a391d1be6671dc82f3

December 31, 2022

Score: 10 MALWARE FAMILY: goziTAGS:family:gozi, family:maze, banker, ransomware, spyware, stealer, trojanMD5: 5f5e0c106041d9a391d1be6671dc82f3SHA1: aa43e1ecc45a4ae28642235b9f1e891a78f54e65ANALYSIS DATE: 2022-12-31T15:41:40ZTTPS: T1112, T1107, T1490, T1005, T1081,...

Malware Analysis – djvu – c2809657fe7902d12920cc9f9165b7dc

December 31, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: c2809657fe7902d12920cc9f9165b7dcSHA1: 31e5bd2de345e7add3b55bc88d17974564c311edANALYSIS DATE: 2022-12-31T16:03:13ZTTPS: T1060, T1112, T1222, T1005,...

Malware Analysis – djvu – 9edd6fe2a4167bf6dd0e3b4329c821ec

December 31, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, stealerMD5: 9edd6fe2a4167bf6dd0e3b4329c821ecSHA1: 15b299689d8b27c1c07a744b7a557952c1a84d58ANALYSIS DATE: 2022-12-31T15:53:02ZTTPS: T1130, T1112, T1060, T1222, T1082...

HIVE Ransomware Victim: Centro Médico Virgen De La Caridad

December 31, 2022

HIVE Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of...

Malware Analysis – amadey – a58ba818715cbcd50fff388b246e04d1

December 31, 2022

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:dcrat, family:djvu, family:lgoogloader, family:smokeloader, family:vidar, botnet:19, backdoor, collection, discovery, downloader, infostealer, persistence, ransomware, rat, spyware,...

Malware Analysis – smokeloader – ebb941aeae54958f197195a8cdc02cbc

December 31, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: ebb941aeae54958f197195a8cdc02cbcSHA1: 42b41bdaa608fc7723e41d8f9eeac644d1b2cbe5ANALYSIS DATE: 2022-12-31T16:46:10ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – djvu – a2596c636a3bf52bcea6b30b6a0e1069

December 31, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, stealerMD5: a2596c636a3bf52bcea6b30b6a0e1069SHA1: d5645bac3d29b0b2da83443450c8afb49311c223ANALYSIS DATE: 2022-12-31T16:06:14ZTTPS: T1060, T1112, T1222, T1082, T1053,...

Malware Analysis – discovery – 0cdf7a3eb26b525ed680d9e4ac083846

December 31, 2022

Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, persistence, ransomwareMD5: 0cdf7a3eb26b525ed680d9e4ac083846SHA1: f5a17b0288fcb57a4412054b7345e1650cc0164cANALYSIS DATE: 2022-12-31T17:01:05ZTTPS: T1012, T1082, T1112, T1042, T1060 ScoreMeaningExample10Known badA malware family...

HackerOne Bug Bounty Disclosure: no-password-length-limit-when-creating-a-user-as-an-administratorbyhackeronefour

December 31, 2022

Programme HackerOne Nextcloud Nextcloud Submitted by hackeronefour hackeronefour Report No password length limit when creating a user as an administrator...

HackerOne Bug Bounty Disclosure: disabled-download-shares-still-allow-download-through-preview-imagesbyjuliushaertl

December 31, 2022

Programme HackerOne Nextcloud Nextcloud Submitted by juliushaertl juliushaertl Report Disabled download shares still allow download through preview images Full Report...

HackerOne Bug Bounty Disclosure: guests-can-continue-to-receive-video-streams-from-call-after-being-removed-from-a-conversationbydaniel_calvino_sanchez

December 31, 2022

Programme HackerOne Nextcloud Nextcloud Submitted by daniel_calvino_sanchez daniel_calvino_sanchez Report Guests can continue to receive video streams from call after being...

Malware Analysis – discovery – 26421955712b8b1cd7525f22f428766d

December 31, 2022

Score: 8 MALWARE FAMILY: discoveryTAGS:discovery, exploit, persistenceMD5: 26421955712b8b1cd7525f22f428766dSHA1: c0ad0f8c37269c739d58d6ac8f2c3a1b97e2f943ANALYSIS DATE: 2022-12-31T17:38:00ZTTPS: T1082, T1222, T1060, T1112, T1012 ScoreMeaningExample10Known badA malware family...

Malware Analysis – amadey – 4c4dbc3a854c94d4544eb851248ecfb9

December 31, 2022

Malware Analysis – amadey – 8b9cf7d521d223d68a073e69661160cc

December 31, 2022

Malware Analysis – djvu – 23ff2f5f2c9e41f564461a6ab9b38e17

December 31, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 23ff2f5f2c9e41f564461a6ab9b38e17SHA1: 09309c3e0f173cb449eff6af59642669699aa330ANALYSIS DATE: 2022-12-31T17:10:16ZTTPS: T1222, T1060, T1112, T1005,...

Year: 2022

Canadian mining firm shuts down mill after ransomware attack

New Linux malware uses 30 plugin exploits to backdoor WordPress sites

LockBit ransomware claims attack on Port of Lisbon in Portugal

LockBit 3.0 Ransomware Victim: hacla[.]org

LockBit 3.0 Ransomware Victim: sickkids[.]ca

Malware Analysis – amadey – caea0d7d729cd98183ab8f89d159ed96

Malware Analysis – discovery – 247a35851fdee53a1696715d67bd0905

Royal Ransomware Victim: QUT

Malware Analysis – smokeloader – 124b03b3d75478abea2f458fee60959d

Malware Analysis – gozi – 5f5e0c106041d9a391d1be6671dc82f3

Malware Analysis – djvu – c2809657fe7902d12920cc9f9165b7dc

Malware Analysis – djvu – 9edd6fe2a4167bf6dd0e3b4329c821ec

HIVE Ransomware Victim: Centro Médico Virgen De La Caridad

Malware Analysis – amadey – a58ba818715cbcd50fff388b246e04d1

Malware Analysis – smokeloader – ebb941aeae54958f197195a8cdc02cbc

Malware Analysis – djvu – a2596c636a3bf52bcea6b30b6a0e1069

Malware Analysis – discovery – 0cdf7a3eb26b525ed680d9e4ac083846

HackerOne Bug Bounty Disclosure: no-password-length-limit-when-creating-a-user-as-an-administratorbyhackeronefour

HackerOne Bug Bounty Disclosure: disabled-download-shares-still-allow-download-through-preview-imagesbyjuliushaertl

HackerOne Bug Bounty Disclosure: guests-can-continue-to-receive-video-streams-from-call-after-being-removed-from-a-conversationbydaniel_calvino_sanchez

Malware Analysis – discovery – 26421955712b8b1cd7525f22f428766d

Malware Analysis – amadey – 4c4dbc3a854c94d4544eb851248ecfb9

Malware Analysis – amadey – 8b9cf7d521d223d68a073e69661160cc

Malware Analysis – djvu – 23ff2f5f2c9e41f564461a6ab9b38e17

[FUNKSEC] – Ransomware Victim: Zero 5

[RANSOMHUB] – Ransomware Victim: www[.]sefiso-atlantique[.]fr

[RANSOMHUB] – Ransomware Victim: marietta-city[.]org

[FUNKSEC] – Ransomware Victim: Smart-it-partner

[RANSOMHUB] – Ransomware Victim: www[.]lasalle[.]com

You may have missed