Ransomware and wiper signed with stolen certificates
Introduction: On July 17, 2022, Albanian news outlets reported a massive cyberattack that affected Albanian government e-services. A few weeks...
Score: 10 | MALWARE FAMILY: smokeloader | TAGS: family:smokeloader, backdoor, trojan | MD5: cd2f32885f77776c6870994c9dea4b0e | SHA1: 3afebca15a24af9a925523c7ff4fb5f196a17a7b | ANALYSIS DATE: 2022-12-23T03:32:03Z | TTPS: T1012, T1120, T1082 | Score / Meaning / Example: 10 / Known bad / A malware family was detected. 8-9 / Likely...
Score: 10 | MALWARE FAMILY: djvu | TAGS: family:djvu, discovery, persistence, ransomware, spyware, stealer | MD5: 11ef4e7da7336b07a610f53246bd2a37 | SHA1: 51c2c3502d74aaf3fd4f253fb33a11425d64c6be | ANALYSIS DATE: 2022-12-23T04:40:48Z | TTPS: T1222, T1012, T1082, T1005, T1081, T1060,...
Score: 10 | MALWARE FAMILY: djvu | TAGS: family:djvu, discovery, persistence, ransomware, spyware, stealer | MD5: c02eeb1769431e512a18cb8a8d6d346c | SHA1: b803c2dede5ff1e9c69767569197ab0104b1e94a | ANALYSIS DATE: 2022-12-23T05:20:45Z | TTPS: T1222, T1082, T1005, T1081, T1012, T1060,...
Score: 10 | MALWARE FAMILY: smokeloader | TAGS: family:smokeloader, backdoor, trojan | MD5: cd259460368f6993bd59dbd869add7d6 | SHA1: 1a4bb76edacd425ceee03894e52eec3484fb17ac | ANALYSIS DATE: 2022-12-23T05:31:03Z | TTPS: T1012, T1120, T1082 | Score / Meaning / Example: 10 / Known bad / A malware family was detected. 8-9 / Likely...
Score: 10 | MALWARE FAMILY: smokeloader | TAGS: family:smokeloader, backdoor, trojan | MD5: eed5dd7b206c7d4fb1b4c0bd50486a89 | SHA1: 19deb6f83a9c7859be8ce667bff7e34f0200cc40 | ANALYSIS DATE: 2022-12-23T04:32:04Z | TTPS: T1012, T1120, T1082 | Score / Meaning / Example: 10 / Known bad / A malware family was detected. 8-9 / Likely...
We’ve been using GitHub actions for Empire and Starkiller for quite some time now. It’s been a significant productivity boost...
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Score: 10 | MALWARE FAMILY: smokeloader | TAGS: family:smokeloader, backdoor, trojan | MD5: b1e6371800ed2beea2b05572054e5fa3 | SHA1: 5e1f3278645fa1ff22d32e494a9c6580030d5232 | ANALYSIS DATE: 2022-12-22T21:01:03Z | TTPS: T1012, T1120, T1082 | Score / Meaning / Example: 10 / Known bad / A malware family was detected. 8-9 / Likely...
Score: 10 | MALWARE FAMILY: ransomware | TAGS: ransomware | MD5: b08b6219961caac74b033c88233c67f6 | SHA1: f4d8c562f51537b57b7c25ff552c736c383c2d60 | ANALYSIS DATE: 2022-12-22T21:31:49Z | TTPS: T1112 | Score / Meaning / Example: 10 / Known bad / A malware family was detected. 8-9 / Likely malicious / One or more known...
Score: 10 | MALWARE FAMILY: smokeloader | TAGS: family:smokeloader, backdoor, trojan | MD5: 79fe9ab1a7a010786684dfbb784b7837 | SHA1: 2d709acfb03604d76949053d42174e3d416ae515 | ANALYSIS DATE: 2022-12-22T21:31:03Z | TTPS: T1012, T1120, T1082 | Score / Meaning / Example: 10 / Known bad / A malware family was detected. 8-9 / Likely...
Score: 10 | MALWARE FAMILY: smokeloader | TAGS: family:smokeloader, backdoor, trojan | MD5: 2eb56154df927e0c5fcae69ed3c11990 | SHA1: fd16efabd12014a64c9d71f480618eded76fab59 | ANALYSIS DATE: 2022-12-22T23:01:04Z | TTPS: T1012, T1120, T1082 | Score / Meaning / Example: 10 / Known bad / A malware family was detected. 8-9 / Likely...
Score: 5 | MALWARE FAMILY: ransomware | TAGS: ransomware | MD5: c09116efea795c3170634211222aa3c9 | SHA1: a3ceacdcb37a45bc6d36d84b28c2ed71492caef8 | ANALYSIS DATE: 2022-12-22T23:45:23Z | TTPS: | Score / Meaning / Example: 10 / Known bad / A malware family was detected. 8-9 / Likely malicious / One or more known damaging...
Score: 10 | MALWARE FAMILY: djvu | TAGS: family:djvu, discovery, persistence, ransomware, spyware, stealer | MD5: 9867a82df7697272a3dbfad12519aac6 | SHA1: 7027244a46aefbf80c7903f59ad019394d548f36 | ANALYSIS DATE: 2022-12-22T22:22:13Z | TTPS: T1222, T1005, T1081, T1012, T1060, T1112,...
Score: 10 | MALWARE FAMILY: djvu | TAGS: family:djvu, discovery, persistence, ransomware, spyware, stealer | MD5: 329c38dfcf60d7e05c4e28d9da5fa426 | SHA1: cc02de6e3facb660a01b24c1c2633a55829b8cc2 | ANALYSIS DATE: 2022-12-22T23:08:10Z | TTPS: T1082, T1053, T1005, T1081, T1012, T1060,...
North Korea-linked threat actors have stolen an estimated $1.2 billion worth of cryptocurrency and other virtual assets in the past...
The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered...
Microsoft spotted an upgraded variant of the Zerobot botnet that spreads by exploiting Apache vulnerabilities. Microsoft Threat Intelligence Center (MSTIC) researchers...
Highly destructive cybercrime is on the rise, and most of it is being funded with anonymous cryptocurrency. We review cryptocurrency...
Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then...
The Vice Society ransomware operation has switched to using a custom ransomware encryptor that implements a strong, hybrid encryption scheme...