Ransomware activity and network access sales in Q3 2022
Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M....
Month: November 2022
Cicd-Goat – A Deliberately Vulnerable CI/CD Environment
Deliberately Download & Run There's no need to clone the repository. Linux & Mac curl -o cicd-goat/docker-compose.yaml --create-dirs https://raw.githubusercontent.com/cider-security-research/cicd-goat/main/docker-compose.yamlcd cicd-goat...
Cobalt Stike Beacon Detected – 172[.]245[.]27[.]233:8080
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 5[.]44[.]42[.]48:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 150[.]158[.]55[.]146:5555
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – wannacry – 7f75aa06e06a197d63761176133913ac
Score: 10 MALWARE FAMILY: wannacryTAGS:family:wannacry, discovery, ransomware, wormMD5: 7f75aa06e06a197d63761176133913acSHA1: 9b2085e5c64ed8f13584082b5aceada1c9c072efANALYSIS DATE: 2022-11-01T09:20:22ZTTPS: T1046 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...
Malware Analysis – djvu – 98e8bcb6dc7fa33c0ba1917db3060d3f
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, discovery, persistence, ransomware, spyware, stealerMD5: 98e8bcb6dc7fa33c0ba1917db3060d3fSHA1: d476e4750a0cc4b072751d6d618184e825f269d9ANALYSIS DATE: 2022-11-01T10:20:32ZTTPS: T1060, T1112, T1082, T1005, T1081, T1012,...
Malware Analysis – djvu – 64614e3663ac2abd4a21ae1e1d46bfc3
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, discovery, persistence, ransomware, spyware, stealerMD5: 64614e3663ac2abd4a21ae1e1d46bfc3SHA1: 2a910047f6f2357425965958ca6bb75d550e9a6dANALYSIS DATE: 2022-11-01T09:56:29ZTTPS: T1060, T1112, T1082, T1012, T1005, T1081,...
Cobalt Stike Beacon Detected – 84[.]32[.]188[.]244:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 185[.]130[.]45[.]159:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 43[.]143[.]133[.]46:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 124[.]70[.]67[.]154:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – djvu – bfd9b7bda4437c4b6ca3d10738afb87a
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:redline, family:smokeloader, botnet:mario23_10, botnet:slovarik1btc, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware, stealer, trojan, upxMD5: bfd9b7bda4437c4b6ca3d10738afb87aSHA1:...
Malware Analysis – lockbit – 23e2134379d01a6efcfb519df2819bce
Score: 10 MALWARE FAMILY: lockbitTAGS:family:lockbit, ransomwareMD5: 23e2134379d01a6efcfb519df2819bceSHA1: 93e1a0c2918ece7a768b9b3fd8d5203e1fa0754cANALYSIS DATE: 2022-11-01T11:19:03ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...
Malware Analysis – smokeloader – 9e775e96fa042f3b834bbc419900ccc7
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 9e775e96fa042f3b834bbc419900ccc7SHA1: 2979669e92f199a0aaddc71e7133891af20ef6d7ANALYSIS DATE: 2022-11-01T10:51:04ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – djvu – 352e96b903513bea0586e76f677bd7a0
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, discovery, persistence, ransomware, spyware, stealerMD5: 352e96b903513bea0586e76f677bd7a0SHA1: 1bd12034347ce8aedcaa6c4612622ebb5142e83cANALYSIS DATE: 2022-11-01T11:40:30ZTTPS: T1222, T1060, T1112, T1005, T1081, T1012,...
Samsung Galaxy Store flaw could have allowed installing malicious apps on target devices
A security flaw in the Galaxy Store app for Samsung devices could have potentially allowed remote command execution on affected...
xf-test-csrf |
NAME xf-test-csrf Platforms Affected:Risk Level:10Exploitability:FunctionalConsequences: DESCRIPTION xf-test-csrf CVSS 3.0 Information Privileges Required: NoneUser Interaction: NoneScope: UnchangedAccess Vector: Access Complexity: LowConfidentiality...
Daily Vulnerability Trends: Tue Nov 01 2022
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2022-42889Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated...
APT10: Tracking down LODEINFO 2022, part II
In the previous publication ‘Tracking down LODEINFO 2022, part I‘, we mentioned that the initial infection methods vary in different...
APT10: Tracking down LODEINFO 2022, part I
Kaspersky has been tracking activities involving the LODEINFO malware family since 2019, looking for new modifications and thoroughly investigating any...
LockBit 3.0 Ransomware Victim: hoosierco[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: centurion[.]com[.]pl
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Malware Analysis – djvu – 326b996ad2342c28d3b5e2e94432c4d3
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:redline, family:smokeloader, botnet:mario23_10, botnet:slovarik1btc, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware, stealer, trojanMD5: 326b996ad2342c28d3b5e2e94432c4d3SHA1: 158034f8bf2d95774a7a6806dcaa250485eb2408ANALYSIS...
