Cobalt Strike Beacon Detected – 152[.]136[.]227[.]216:82
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Score: 10 | MALWARE FAMILY: smokeloader | TAGS: family:smokeloader, backdoor, trojan | MD5: 88d7dc05b7794c43d3139459c59887c3 | SHA1: 22394c449abe2646eb9ad38ad21c535b24c88049 | ANALYSIS DATE: 2022-12-22T10:33:04Z | TTPS: T1012, T1120, T1082 | Score / Meaning / Example: 10 / Known bad / A malware family was detected. 8-9 / Likely...
Score: 10 | MALWARE FAMILY: amadey | TAGS: family:amadey, family:djvu, family:redline, family:smokeloader, botnet:mario23_10, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware, stealer, trojan | MD5: 2b79f0afb2dc42c780798c703991a6b7 | SHA1: 98c46412d503e36d2178066a3ce2b24f49c280a1 | ANALYSIS...
Score: 10 | MALWARE FAMILY: djvu | TAGS: family:djvu, discovery, persistence, ransomware, spyware, stealer | MD5: 43d1e65899d0b271d1fba91b5790903c | SHA1: 76f798556f63316fb401b44a83209da04c7f76ff | ANALYSIS DATE: 2022-12-22T10:45:50Z | TTPS: T1005, T1081, T1012, T1060, T1112, T1082,...
Score: 1 | MALWARE FAMILY: | TAGS: | MD5: 26140638e7b26263ccb6060488bd66db | SHA1: e9ffb621ae7b601c3a0e567bd8fc0c97bed71497 | ANALYSIS DATE: 2022-12-22T11:15:41Z | TTPS: | Score / Meaning / Example: 10 / Known bad / A malware family was detected. 8-9 / Likely malicious / One or more known damaging...
Daily Vulnerability Trends (sourced from VulnMon) | CVE NAME / CVE Description: CVE-2020-6418 / Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a...
The Raspberry Robin malware is now trying its hand at some trickery by dropping a fake payload to confuse researchers...
The FBI warns that threat actors are using search engine advertisements to promote websites distributing ransomware or stealing login credentials...
An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over...
Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, says that its private GitHub repositories were...
A massive advertising fraud campaign using Google Ads and 'popunders' on adult sites is estimated to have generated millions of...
A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the...
Threat actors have published a malicious Python package on PyPI, named 'SentinelOne,' that pretends to be the legitimate SDK client...
Microsoft warned today that it will permanently turn off Exchange Online basic authentication starting early January 2023 to improve security....
Restaurant customer management platform SevenRooms has confirmed it suffered a data breach after a threat actor began selling stolen data on...
Corsair has confirmed that a bug in the firmware of K100 keyboards, and not malware, is behind previously entered text...
Play ransomware threat actors are using a new exploit chain that bypasses ProxyNotShell URL rewrite mitigations to gain remote code...
The PyPI Python package repository is being bombarded by a wave of information-stealing malware hiding inside malicious packages uploaded to...
VirusTotal has published a cheat sheet to help researchers create queries leading to more specific results from the malware intelligence...
The Play ransomware gang has claimed responsibility for a cyber attack on H-Hotels (h-hotels.com) that has resulted in communication outages...
Two U.S. citizens were arrested for allegedly conspiring with Russian hackers to hack the John F. Kennedy International Airport (JFK)...
Apple has fixed a vulnerability attackers could leverage to deploy malware on vulnerable macOS devices via untrusted applications capable of...
The Glupteba malware botnet has sprung back into action, infecting devices worldwide after its operation was disrupted by Google almost...