Month: November 2022

The 10th edition of the ENISA Threat Landscape (ETL) report is out!

November 4, 2022

I’m proud to announce the release of the 10th edition of the ENISA Threat Landscape (ETL) on the state of...

Cisco Identity Services Engine security bypass | CVE-2022-20956

November 4, 2022

NAME Cisco Identity Services Engine security bypass Platforms Affected:Cisco Identity Services EngineRisk Level:8.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Cisco Identity Services Engine could...

Canteen Management System SQL injection | CVE-2022-43232

November 4, 2022

NAME Canteen Management System SQL injection Platforms Affected:Risk Level:7.2Exploitability:HighConsequences:Data Manipulation DESCRIPTION Canteen Management System is vulnerable to SQL injection. A...

Cisco BroadWorks CommPilot Application Software code execution | CVE-2022-20958

November 4, 2022

NAME Cisco BroadWorks CommPilot Application Software code execution Platforms Affected:Cisco BroadWorks CommPilot Application SoftwareRisk Level:8.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Cisco BroadWorks CommPilot...

Cisco Identity Services Engine cross-site request forgery | CVE-2022-20961

November 4, 2022

NAME Cisco Identity Services Engine cross-site request forgery Platforms Affected:Cisco Identity Services Engine 2.2 Cisco Identity Services Engine 2.6 Patch...

Daily Vulnerability Trends: Fri Nov 04 2022

November 4, 2022

Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2202-3602 No description provided CVE-2022-31692Spring Security, versions 5.7 prior to 5.7.5 and...

Cisco addressed several high-severity flaws in its products

November 4, 2022

Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple...

LockBit 3.0 Ransomware Victim: cacula[.]com

November 4, 2022

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

LockBit 3.0 Ransomware Victim: kingteam[.]com[.]tw

November 4, 2022

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

LockBit 3.0 Ransomware Victim: santimuni[.]com

November 4, 2022

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

LockBit 3.0 Ransomware Victim: hettichbenelux[.]com

November 4, 2022

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

Malware Analysis – djvu – c8974837ee9e62f78817492ef2cc71ff

November 4, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:redline, family:smokeloader, botnet:mario23_10, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware, stealer, trojanMD5: c8974837ee9e62f78817492ef2cc71ffSHA1: 7e580765dd04d1c42c33611d39bd2682f0e5aa29ANALYSIS DATE:...

Malware Analysis – djvu – a8cf6c4ce9bae2e0433a9d6f5a9090b0

November 4, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:redline, family:smokeloader, botnet:mario23_10, botnet:slovarik1btc, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware, stealer, trojanMD5: a8cf6c4ce9bae2e0433a9d6f5a9090b0SHA1: 2b33cde4309e82bb278132dfddbf90319b2c9139ANALYSIS...

Malware Analysis – wannacry – 328ec0632c2a5318d3c189eceab6b488

November 4, 2022

Score: 10 MALWARE FAMILY: wannacryTAGS:family:wannacry, discovery, ransomware, wormMD5: 328ec0632c2a5318d3c189eceab6b488SHA1: bbd958285c9744c460f7da1ccda942c47d245cc6ANALYSIS DATE: 2022-11-04T03:00:34ZTTPS: T1046 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...

Malware Analysis – – 045f8512e0b82b10dcd510492ae75a02

November 4, 2022

Score: 1 MALWARE FAMILY: TAGS:MD5: 045f8512e0b82b10dcd510492ae75a02SHA1: db7936f5f9e2f75634f5b39597bd68e1dc2d9618ANALYSIS DATE: 2022-11-04T03:18:03ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...

Bug Bounty

BugCrowd Bug Bounty Disclosure: – Several internal applications have open CORS, allowing external folks to access the content – By bigBugGuy

November 4, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...

Malware Analysis – djvu – 52f22a333f60f4af27239ae51eb9d3d7

November 4, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, discovery, persistence, ransomware, spyware, stealerMD5: 52f22a333f60f4af27239ae51eb9d3d7SHA1: 3bc9e4286878a61737763f260e5eefec96f1f20bANALYSIS DATE: 2022-11-04T05:51:22ZTTPS: T1012, T1082, T1053, T1005, T1081, T1060,...

Malware Analysis – smokeloader – 8aeee4f03c86f2d4377129edc204d26c

November 4, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 8aeee4f03c86f2d4377129edc204d26cSHA1: 931c011b463b6f122ff0009d1cbb022786ea70acANALYSIS DATE: 2022-11-04T05:31:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – djvu – dc64e4857ede57bf4a938088261cbce4

November 4, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, discovery, persistence, ransomware, spyware, stealerMD5: dc64e4857ede57bf4a938088261cbce4SHA1: 4f35ebc663ef9df15ddd9e5676f63e43a0138665ANALYSIS DATE: 2022-11-04T05:31:17ZTTPS: T1053, T1005, T1081, T1012, T1060, T1112,...

Malware Analysis – smokeloader – 8611fcd3c059993ae37c038f0682507a

November 4, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 8611fcd3c059993ae37c038f0682507aSHA1: 82a2f78e8594faff95889690b93fb37ed96ad242ANALYSIS DATE: 2022-11-04T05:05:33ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Month: November 2022

The 10th edition of the ENISA Threat Landscape (ETL) report is out!

Cisco Identity Services Engine security bypass | CVE-2022-20956

Canteen Management System SQL injection | CVE-2022-43232

Cisco BroadWorks CommPilot Application Software code execution | CVE-2022-20958

Cisco Identity Services Engine cross-site request forgery | CVE-2022-20961

Daily Vulnerability Trends: Fri Nov 04 2022

Cisco addressed several high-severity flaws in its products

LockBit 3.0 Ransomware Victim: cacula[.]com

LockBit 3.0 Ransomware Victim: kingteam[.]com[.]tw

LockBit 3.0 Ransomware Victim: santimuni[.]com

LockBit 3.0 Ransomware Victim: hettichbenelux[.]com

Malware Analysis – djvu – c8974837ee9e62f78817492ef2cc71ff

Malware Analysis – djvu – a8cf6c4ce9bae2e0433a9d6f5a9090b0

Malware Analysis – wannacry – 328ec0632c2a5318d3c189eceab6b488

Malware Analysis – – 045f8512e0b82b10dcd510492ae75a02

BugCrowd Bug Bounty Disclosure: – Several internal applications have open CORS, allowing external folks to access the content – By bigBugGuy

Malware Analysis – djvu – 52f22a333f60f4af27239ae51eb9d3d7

Malware Analysis – smokeloader – 8aeee4f03c86f2d4377129edc204d26c

Malware Analysis – djvu – dc64e4857ede57bf4a938088261cbce4

Malware Analysis – smokeloader – 8611fcd3c059993ae37c038f0682507a

Cobalt Stike Beacon Detected – 120[.]48[.]9[.]221:9999

Cobalt Stike Beacon Detected – 5[.]44[.]42[.]42:80

Cobalt Stike Beacon Detected – 152[.]136[.]153[.]12:8009

Cobalt Stike Beacon Detected – 20[.]82[.]145[.]211:80

[RANSOMHUB] – Ransomware Victim: sector5[.]ro

[PLAY] – Ransomware Victim: Dome Construction

[PLAY] – Ransomware Victim: S & W Kitchens

[PLAY] – Ransomware Victim: Paragon Plastics

[RANSOMHUB] – Ransomware Victim: metroelectric[.]com

You may have missed