Month: November 2022

4 Types of Cyber Crime Groups

November 9, 2022

Discover the four main types of cyber crime groups: access as a service, ransomware as a service, bulletproof hosting, and...

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

November 9, 2022

We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This...

Surveillance vendor exploited Samsung phone zero-days

November 9, 2022

Google Project Zero researchers reported that a surveillance vendor is using three Samsung phone zero-day exploits. Google Project Zero disclosed...

LockBit 3.0 Ransomware Victim: shmcomputers[.]screenconnect[.]com

November 9, 2022

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

LockBit 3.0 Ransomware Victim: continental[.]com

November 9, 2022

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

Cuba Ransomware Victim: waltersandwolf

November 9, 2022

Cuba Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of...

Malware Analysis – evasion – a95d19c9b1972f9f6c8a66b148e08918

November 9, 2022

Score: 10 MALWARE FAMILY: evasionTAGS:evasion, persistence, ransomware, spyware, stealer, trojanMD5: a95d19c9b1972f9f6c8a66b148e08918SHA1: ce6f76f1181355dbb1e559f1d15d43d513d80702ANALYSIS DATE: 2022-11-08T12:31:50ZTTPS: T1112, T1158, T1088, T1089, T1082, T1005,...

Malware Analysis – discovery – 0ffa05c5bcecaee09bac1f5f1ed25f80

November 9, 2022

Score: 8 MALWARE FAMILY: discoveryTAGS:discovery, exploitMD5: 0ffa05c5bcecaee09bac1f5f1ed25f80SHA1: 9acffa92149b0db7a243d59f5780054f5e024e3aANALYSIS DATE: 2022-11-08T13:25:13ZTTPS: T1222 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...

Malware Analysis – teslacrypt – 6eb1c8fb571684bd3d219b963fad3d6f

November 9, 2022

Score: 10 MALWARE FAMILY: teslacryptTAGS:family:teslacrypt, persistence, ransomwareMD5: 6eb1c8fb571684bd3d219b963fad3d6fSHA1: b9205cd714e320fbac5f8c22171d40cc005a26abANALYSIS DATE: 2022-11-08T13:29:21ZTTPS: T1082, T1060, T1112, T1107, T1490 ScoreMeaningExample10Known badA malware family...

Malware Analysis – discovery – 01dc2d1847f1ec016717148e991b04d0

November 9, 2022

Score: 8 MALWARE FAMILY: discoveryTAGS:discovery, exploitMD5: 01dc2d1847f1ec016717148e991b04d0SHA1: e08b0a35f9dd1e130232577c29fe8ed4e7a05ac7ANALYSIS DATE: 2022-11-08T13:25:19ZTTPS: T1222 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...

Malware Analysis – evasion – a956802c8406310e6ec9c92f37a9a840

November 9, 2022

Score: 10 MALWARE FAMILY: evasionTAGS:evasion, persistence, ransomware, spyware, stealer, trojanMD5: a956802c8406310e6ec9c92f37a9a840SHA1: c0d5f1acd810277b48de5406a398ac9775644541ANALYSIS DATE: 2022-11-08T12:42:59ZTTPS: T1088, T1089, T1112, T1158, T1082, T1060,...

Malware Analysis – djvu – 8e8c43682825e340a0e4e86df9638d88

November 9, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:redline, family:smokeloader, family:vidar, botnet:517, botnet:gg, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware, stealer, trojanMD5: 8e8c43682825e340a0e4e86df9638d88SHA1:...

Malware Analysis – persistence – 3d832202850a77dfbf0c8cfc0ec6a464

November 9, 2022

Score: 8 MALWARE FAMILY: persistenceTAGS:persistence, ransomware, spyware, stealerMD5: 3d832202850a77dfbf0c8cfc0ec6a464SHA1: a8aabae68c94856eec1a23884fb337b2b2e22fdaANALYSIS DATE: 2022-11-09T15:18:44ZTTPS: T1060, T1112, T1005, T1081, T1053 ScoreMeaningExample10Known badA malware...

Malware Analysis – djvu – eae4c8b586e411a419710263d0eb0b96

November 9, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: eae4c8b586e411a419710263d0eb0b96SHA1: 0dfcabd6d65446a52b906000e98e23c7bb7d67d2ANALYSIS DATE: 2022-11-09T15:21:09ZTTPS: T1012, T1005, T1081, T1060,...

Malware Analysis – teslacrypt – 52ec44494fed2c9bebd5ce99903b7775

November 9, 2022

Score: 10 MALWARE FAMILY: teslacryptTAGS:family:teslacrypt, persistence, ransomware, spyware, stealerMD5: 52ec44494fed2c9bebd5ce99903b7775SHA1: 6191526cf35f080922830412c795df4fed5f8696ANALYSIS DATE: 2022-11-08T13:52:35ZTTPS: T1082, T1060, T1112, T1107, T1490, T1005, T1081,...

Malware Analysis – dcrat – d68bd01a1c047679188bd4ba14268249

November 9, 2022

Score: 10 MALWARE FAMILY: dcratTAGS:family:dcrat, family:djvu, family:redline, family:smokeloader, family:vidar, botnet:517, botnet:gg, backdoor, collection, discovery, infostealer, persistence, ransomware, rat, spyware, stealer,...

Malware Analysis – surtr – 393e9f112cc999ebd9333877bcc7535e

November 9, 2022

Score: 10 MALWARE FAMILY: surtrTAGS:family:surtr, evasion, persistence, ransomware, spyware, stealer, trojan, upxMD5: 393e9f112cc999ebd9333877bcc7535eSHA1: ed65581b6c3980b3ddf623a4d2f61ce08ce59bdfANALYSIS DATE: 2022-11-09T16:00:21ZTTPS: T1490, T1107, T1088, T1089,...

Malware Analysis – djvu – 879da220b96bdee376de037c5bff5e31

November 9, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 879da220b96bdee376de037c5bff5e31SHA1: 00eb2f6949fe3a189063909ad401da0ed0eea66bANALYSIS DATE: 2022-11-09T16:24:55ZTTPS: T1005, T1081, T1012, T1082,...

Malware Analysis – ransomware – d796f9491a1dbd0f0dbcf2e2dfc617e5

November 9, 2022

Score: 10 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: d796f9491a1dbd0f0dbcf2e2dfc617e5SHA1: e0dc3073ec0263d3267ce014bdbb3f69666da426ANALYSIS DATE: 2022-11-09T17:06:00ZTTPS: T1082, T1012, T1005, T1081, T1102 ScoreMeaningExample10Known badA malware family...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – Panel access at https://news-push-88.op-mobile.opera.com/. – By rahul0x01

November 9, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

CISA

RDPHijack-BOF – Cobalt Strike Beacon Object File (BOF) That Uses WinStationConnect API To Perform Local/Remote RDP Session Hijacking

November 9, 2022

Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking. With a valid access...

Month: November 2022

4 Types of Cyber Crime Groups

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

Surveillance vendor exploited Samsung phone zero-days

LockBit 3.0 Ransomware Victim: shmcomputers[.]screenconnect[.]com

LockBit 3.0 Ransomware Victim: continental[.]com

Cuba Ransomware Victim: waltersandwolf

Malware Analysis – evasion – a95d19c9b1972f9f6c8a66b148e08918

Malware Analysis – discovery – 0ffa05c5bcecaee09bac1f5f1ed25f80

Malware Analysis – teslacrypt – 6eb1c8fb571684bd3d219b963fad3d6f

Malware Analysis – discovery – 01dc2d1847f1ec016717148e991b04d0

Malware Analysis – evasion – a956802c8406310e6ec9c92f37a9a840

Malware Analysis – djvu – 8e8c43682825e340a0e4e86df9638d88

Malware Analysis – persistence – 3d832202850a77dfbf0c8cfc0ec6a464

Malware Analysis – djvu – eae4c8b586e411a419710263d0eb0b96

Malware Analysis – teslacrypt – 52ec44494fed2c9bebd5ce99903b7775

Malware Analysis – dcrat – d68bd01a1c047679188bd4ba14268249

Malware Analysis – surtr – 393e9f112cc999ebd9333877bcc7535e

Malware Analysis – djvu – 879da220b96bdee376de037c5bff5e31

Malware Analysis – ransomware – d796f9491a1dbd0f0dbcf2e2dfc617e5

BugCrowd Bug Bounty Disclosure: – Panel access at https://news-push-88.op-mobile.opera.com/. – By rahul0x01

CISA: Microsoft Releases November 2022 Security Updates

Experts observed Amadey malware deploying LockBit 3.0 Ransomware

Microsoft Patch Tuesday updates fix 6 actively exploited zero-days

RDPHijack-BOF – Cobalt Strike Beacon Object File (BOF) That Uses WinStationConnect API To Perform Local/Remote RDP Session Hijacking

CISA: Microsoft Releases October 2024 Security Updates

CISA: Avoid Scams After Disaster Strikes

CISA: CISA and FBI Release Fact Sheet on Protecting Against Iranian Targeting of Accounts Associated with National Political Organizations

CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog

You may have missed