Cobalt Stike Beacon Detected – 5[.]44[.]42[.]16:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Month: October 2022
Cobalt Stike Beacon Detected – 154[.]221[.]25[.]206:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 174[.]139[.]150[.]250:4443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – ransomware – 45ac7cd59d7f250217c69d5ec042632d
Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 45ac7cd59d7f250217c69d5ec042632dSHA1: cf41622eea189b592cc3f31d9eadceba56144310ANALYSIS DATE: 2022-10-14T10:34:50ZTTPS: T1107, T1490 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...
Malware Analysis – djvu – 381c69c453ddd6ecebb0535db66d069a
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 381c69c453ddd6ecebb0535db66d069aSHA1: f023209a0bc9a96fe9cb9d17a5012ddc2ee28462ANALYSIS DATE: 2022-10-14T10:37:50ZTTPS: T1005, T1081, T1012, T1082,...
Malware Analysis – djvu – a1f3f1f4e250c96cbbee38b5d6babd7e
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: a1f3f1f4e250c96cbbee38b5d6babd7eSHA1: 34f96b5e8d04ea15f2079d51383986a1cbc91123ANALYSIS DATE: 2022-10-14T10:24:10ZTTPS: T1222, T1082, T1053, T1005,...
Malware Analysis – danabot – 3572e56a91ed00b2a383c8efd1b64653
Score: 10 MALWARE FAMILY: danabotTAGS:family:danabot, family:djvu, family:smokeloader, family:vidar, botnet:517, backdoor, banker, collection, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: 3572e56a91ed00b2a383c8efd1b64653SHA1:...
Cobalt Stike Beacon Detected – 139[.]9[.]1[.]63:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 82[.]157[.]245[.]205:4433
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 66[.]42[.]48[.]182:6443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 104[.]168[.]117[.]95:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Experts released PoC exploit code for critical bug CVE-2022-40684 in Fortinet products
Experts released the PoC exploit code for the authentication bypass flaw CVE-2022-40684 in FortiGate firewalls and FortiProxy web proxies. A...
DJI drone tracking data exposed in the US
Over 80,000 drone IDs were exposed in the leak of a database containing information from airspace monitoring devices manufactured by...
Gogs cross-site scripting | CVE-2022-32174
NAME Gogs cross-site scripting Platforms Affected:Gogs Gogs 0.11.53 Gogs Gogs 0.11.66 Gogs Gogs 0.11.79 Gogs Gogs 0.11.86 Gogs Gogs 0.11.91...
Siemens products privilege escalation | CVE-2022-31765
NAME Siemens products privilege escalation Platforms Affected:Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108- 4AM00-2BA2) 7.1.1 Siemens RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)...
ResIOT IoT Platform and LoRaWAN Network Server cross-site request forgery | CVE-2022-34020
NAME ResIOT IoT Platform and LoRaWAN Network Server cross-site request forgery Platforms Affected:ResIOT ResIOT IoT Platform and LoRaWAN Network Server...
Juniper Networks Paragon Active Assurance cross-site scripting | CVE-2022-22229
NAME Juniper Networks Paragon Active Assurance cross-site scripting Platforms Affected:Juniper Networks Paragon Active Assurance 3.1.0 Juniper Networks Paragon Active Assurance...
Juniper Junos OS Evolved privilege escalation | CVE-2022-22239
NAME Juniper Junos OS Evolved privilege escalation Platforms Affected:Juniper Junos OS EvolvedRisk Level:8.2Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION Juniper Junos OS Evolved could...
Linux Kernel code execution | CVE-2022-42720
NAME Linux Kernel code execution Platforms Affected:Linux Kernel 5.1 Linux Kernel 5.19.14Risk Level:8Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION Linux Kernel could allow...
Siemens products code execution | CVE-2022-40181
NAME Siemens products code execution Platforms Affected:Siemens Desigo PXM30-1 02.20.126.11-40 Siemens Desigo PXM30.E 02.20.126.11-40 Siemens Desigo PXM40-1 02.20.126.11-40 Siemens Desigo...
Apache Commons Text code execution | CVE-2022-42889
NAME Apache Commons Text code execution Platforms Affected:Apache Commons Text 1.9.0Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Apache Commons Text could allow a...
Siemens products denial of service | CVE-2022-31766
NAME Siemens products denial of service Platforms Affected:Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108- 4AM00-2BA2) 7.1.1 Siemens RUGGEDCOM RM1224 LTE(4G) NAM...
Siemens LOGO! 8 BM buffer overflow | CVE-2022-36361
NAME Siemens LOGO! 8 BM buffer overflow Platforms Affected:Siemens LOGO! 8 BMRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Siemens LOGO! 8 BM is...
Siemens SCALANCE devices cross-site scripting | CVE-2022-40631
NAME Siemens SCALANCE devices cross-site scripting Platforms Affected:Siemens SCALANCE X200-4P IRT Siemens SCALANCE X201-3P IRT Siemens SCALANCE X202-2IRT Siemens SCALANCE...
