Month: October 2022

New York Post hacked? No, the culprit is an employee

October 28, 2022

Threat actors hacked the website and Twitter account of the New York Post and published offensive messages against US politicians....

Daily Vulnerability Trends: Fri Oct 28 2022

October 28, 2022

Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2021-39144XStream is a simple library to serialize objects to XML and back...

Malware Analysis – persistence – f0979d897155f51fd96a63c61e05d85c

October 28, 2022

Score: 8 MALWARE FAMILY: persistenceTAGS:persistence, spyware, stealerMD5: f0979d897155f51fd96a63c61e05d85cSHA1: decf7df4b1c709879a023ed0b8b4f6317124aba6ANALYSIS DATE: 2022-10-28T02:40:14ZTTPS: T1060, T1112, T1005, T1081 ScoreMeaningExample10Known badA malware family was...

Malware Analysis – evasion – 0d406739d2347f98f3df4dcd439cc405

October 28, 2022

Score: 8 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 0d406739d2347f98f3df4dcd439cc405SHA1: 0b5d30e69316ca06ca1c9703346c8998e5433a88ANALYSIS DATE: 2022-10-28T03:35:05ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – ransomware – 93a803afbb21cfbcc6e9371cc6c13f80

October 28, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: 93a803afbb21cfbcc6e9371cc6c13f80SHA1: f55511cc24bcc621a924a2aeffa73fc21d0ea667ANALYSIS DATE: 2022-10-28T03:00:22ZTTPS: T1082, T1107, T1490, T1091, T1005, T1081 ScoreMeaningExample10Known badA malware...

Malware Analysis – wannacry – 962443d2cfa12dd0aaa0761250ddcc82

October 28, 2022

Score: 10 MALWARE FAMILY: wannacryTAGS:family:wannacry, discovery, ransomware, wormMD5: 962443d2cfa12dd0aaa0761250ddcc82SHA1: bc9d5e318b95e648d6a9da943c5e5a65c09f8931ANALYSIS DATE: 2022-10-28T03:20:20ZTTPS: T1046 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...

Malware Analysis – amadey – ea49ed458a3fda19979b3900607b5234

October 28, 2022

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:redline, family:remcos, family:smokeloader, family:vidar, botnet:1752, botnet:517, botnet:google2, botnet:mario23_10, botnet:remotehost, botnet:slovarik15btc, backdoor, collection, discovery, infostealer,...

Malware Analysis – evasion – 486b0b890f76baefb7c2c19081a0a522

October 28, 2022

Score: 8 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 486b0b890f76baefb7c2c19081a0a522SHA1: ff0bd42969476bf3b2b45d0fcf38d4f7a705efa9ANALYSIS DATE: 2022-10-28T03:37:04ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – discovery – 96d0a63a8d102c8453350d84e23ebe7f

October 28, 2022

Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, persistence, ransomwareMD5: 96d0a63a8d102c8453350d84e23ebe7fSHA1: e1190dc0f5059cc3c55b462ca40924d5c8ef4980ANALYSIS DATE: 2022-10-28T03:46:57ZTTPS: T1060, T1012, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – amadey – 75b71d343f0d858780eaff9728ee05fd

October 28, 2022

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:redline, family:smokeloader, family:vidar, botnet:1752, botnet:517, botnet:google2, botnet:mario23_10, botnet:slovarik15btc, backdoor, collection, discovery, infostealer, persistence, ransomware,...

Malware Analysis – djvu – 046574dc17dca15013376cc8af4c799f

October 28, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 046574dc17dca15013376cc8af4c799fSHA1: 68e3dc8ad4fce013bd822f95ff662252370e2800ANALYSIS DATE: 2022-10-28T03:46:04ZTTPS: T1005, T1081, T1130, T1112,...

Malware Analysis – discovery – 4f29f8e2115f1288edfe3c964e5ce9cc

October 28, 2022

Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, persistence, ransomwareMD5: 4f29f8e2115f1288edfe3c964e5ce9ccSHA1: b70b69871befcf37436faab27368270cae18f7daANALYSIS DATE: 2022-10-28T03:57:32ZTTPS: T1112, T1012, T1082, T1060 ScoreMeaningExample10Known badA malware family was...

Malware Analysis – smokeloader – e7c7dd1609c0ae7d9948db9f5cecb2ab

October 28, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: e7c7dd1609c0ae7d9948db9f5cecb2abSHA1: f7d951dee4dd309a299f583afbab259d11221a28ANALYSIS DATE: 2022-10-28T04:13:40ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – ransomware – e6c1f8a982119f6284e0da95a38cacaa

October 28, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: e6c1f8a982119f6284e0da95a38cacaaSHA1: 0178a1150393ec4e9269b71a2e39703d97a0cf6dANALYSIS DATE: 2022-10-28T04:11:47ZTTPS: T1005, T1081, T1082, T1107, T1490, T1091 ScoreMeaningExample10Known badA malware...

Malware Analysis – djvu – c011e8e0c16b3a60c7a91bd5ad1516ea

October 28, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:redline, family:smokeloader, family:vidar, botnet:1752, botnet:517, botnet:google2, botnet:mario23_10, botnet:slovarik15btc, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware,...

Month: October 2022

New York Post hacked? No, the culprit is an employee

Daily Vulnerability Trends: Fri Oct 28 2022

Malware Analysis – persistence – f0979d897155f51fd96a63c61e05d85c

Malware Analysis – evasion – 0d406739d2347f98f3df4dcd439cc405

Malware Analysis – ransomware – 93a803afbb21cfbcc6e9371cc6c13f80

Malware Analysis – wannacry – 962443d2cfa12dd0aaa0761250ddcc82

Malware Analysis – amadey – ea49ed458a3fda19979b3900607b5234

Malware Analysis – evasion – 486b0b890f76baefb7c2c19081a0a522

Malware Analysis – discovery – 96d0a63a8d102c8453350d84e23ebe7f

Malware Analysis – amadey – 75b71d343f0d858780eaff9728ee05fd

Malware Analysis – djvu – 046574dc17dca15013376cc8af4c799f

Malware Analysis – discovery – 4f29f8e2115f1288edfe3c964e5ce9cc

Malware Analysis – smokeloader – e7c7dd1609c0ae7d9948db9f5cecb2ab

Malware Analysis – ransomware – e6c1f8a982119f6284e0da95a38cacaa

Malware Analysis – djvu – c011e8e0c16b3a60c7a91bd5ad1516ea

Cobalt Stike Beacon Detected – 164[.]155[.]72[.]251:80

Cobalt Stike Beacon Detected – 34[.]68[.]164[.]235:80

Cobalt Stike Beacon Detected – 34[.]238[.]24[.]159:443

Cobalt Stike Beacon Detected – 185[.]45[.]195[.]136:443

Cobalt Stike Beacon Detected – 188[.]241[.]240[.]147:443

Cobalt Stike Beacon Detected – 23[.]88[.]61[.]199:80

Cobalt Stike Beacon Detected – 101[.]99[.]94[.]70:80

Cobalt Stike Beacon Detected – 43[.]143[.]153[.]235:80

Cobalt Stike Beacon Detected – 91[.]206[.]178[.]108:443

CISA: Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments

[RANSOMHUB] – Ransomware Victim: blr[.]com

HackerOne Bug Bounty Disclosure: std-process-command-batch-files-argument-escaping-could-be-bypassed-with-trailing-whitespace-or-periods–xpl-r-r

[LOCKBIT3] – Ransomware Victim: madison-home[.]com

[CHORT] – Ransomware Victim: sheboyganwi[.]gov

You may have missed