LockBit 3.0 Ransomware Victim: elsan[.]care
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Month: January 2023
HackerOne Bug Bounty Disclosure: using-special-ipv4-mapped-ipv6-addresses-to-bypass-local-ip-banbyalbertspedersen
Programme HackerOne Cloudflare Public Bug Bounty Cloudflare Public Bug Bounty Submitted by albertspedersen albertspedersen Report Using special IPv4-mapped IPv6 addresses...
CISA: CISA Releases Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats
CISA Releases Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats Today, CISA released Protecting Our Future: Partnering...
LockBit 3.0 Ransomware Victim: xlntinc[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Get-AppLockerEventlog – Script For Fetching Applocker Event Log By Parsing The Win-Event Log
This script will parse all the channels of events from the win-event log to extract all the log relatives to...
Malware Analysis – evasion – c7a9226978be7b4ead9febb8ac854e7c
Score: 6 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: c7a9226978be7b4ead9febb8ac854e7cSHA1: cb7e60b4c4c4f4737c4cfe74addde018515918dfANALYSIS DATE: 2023-01-24T09:00:06ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...
Malware Analysis – djvu – 6735e0d9fc3b11c7cbdd071d3829162b
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 6735e0d9fc3b11c7cbdd071d3829162bSHA1: 1ebc132342713c73f1020c8012b0b5063c28b2aaANALYSIS DATE: 2023-01-24T09:04:30ZTTPS: T1012, T1082, T1005, T1081,...
Malware Analysis – upx – 5f586940f6b6ae2f8cbdeaec316b62ef
Score: 9 MALWARE FAMILY: upxTAGS:upxMD5: 5f586940f6b6ae2f8cbdeaec316b62efSHA1: 97197beb2de16b0b38c20b4846f4325283f28356ANALYSIS DATE: 2023-01-24T09:57:48ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...
Malware Analysis – djvu – c249a253e8f6bab49a07078d3b07bdf4
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: c249a253e8f6bab49a07078d3b07bdf4SHA1: 0bca272f816478d880ab6b1e29d3239c587726ffANALYSIS DATE: 2023-01-24T10:51:50ZTTPS: T1060, T1112, T1012, T1082,...
Malware Analysis – dharma – be47139183c40fceb264c6946627b93f
Score: 10 MALWARE FAMILY: dharmaTAGS:family:dharma, persistence, ransomware, spyware, stealerMD5: be47139183c40fceb264c6946627b93fSHA1: 06f645d6afc2f909dbdf61c0982dcd74126bc5f5ANALYSIS DATE: 2023-01-24T09:17:14ZTTPS: T1005, T1081, T1112, T1060, T1107, T1490, T1082...
Malware Analysis – dharma – e096b294d0ed5f42ca68bc41c47ac27a
Score: 10 MALWARE FAMILY: dharmaTAGS:family:dharma, persistence, ransomware, spyware, stealerMD5: e096b294d0ed5f42ca68bc41c47ac27aSHA1: 1d5601986887ead48d036f1401330b8c9fd59eebANALYSIS DATE: 2023-01-24T09:17:03ZTTPS: T1005, T1081, T1082, T1112, T1060, T1107, T1490...
Malware Analysis – persistence – b6cfdefd2ef6bb507cbac8634ec3f6a1
Score: 9 MALWARE FAMILY: persistenceTAGS:persistence, ransomware, spyware, stealerMD5: b6cfdefd2ef6bb507cbac8634ec3f6a1SHA1: 583bbf424a7114586dd48fe57be999cbd750ba56ANALYSIS DATE: 2023-01-24T09:17:07ZTTPS: T1107, T1490, T1060, T1112, T1005, T1081, T1491 ScoreMeaningExample10Known...
Malware Analysis – dharma – 58402f0f41e3bfecbea9ca1bcc0f0c2b
Score: 10 MALWARE FAMILY: dharmaTAGS:family:dharma, persistence, ransomware, spyware, stealerMD5: 58402f0f41e3bfecbea9ca1bcc0f0c2bSHA1: 0a2b11df94790e1121c17e350eb846a236e0fbcfANALYSIS DATE: 2023-01-24T09:17:05ZTTPS: T1060, T1112, T1107, T1490, T1005, T1081, T1082...
Malware Analysis – dharma – ee524170a7ffc7ad48afc3a1e7377943
Score: 10 MALWARE FAMILY: dharmaTAGS:family:dharma, persistence, ransomware, spyware, stealerMD5: ee524170a7ffc7ad48afc3a1e7377943SHA1: c9c8725012fbf7e9651b2e1519eaf17e86a65658ANALYSIS DATE: 2023-01-24T09:17:03ZTTPS: T1082, T1060, T1112, T1107, T1490, T1005, T1081...
Cobalt Stike Beacon Detected – 44[.]201[.]225[.]29:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – djvu – 25ebd3e34fae530ba993ec9a609a2459
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 25ebd3e34fae530ba993ec9a609a2459SHA1: cee22c94beeeb1d50c110babe87d5a756be8cf05ANALYSIS DATE: 2023-01-24T10:27:58ZTTPS: T1222, T1053, T1005, T1081,...
Cobalt Stike Beacon Detected – 35[.]164[.]247[.]19:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 162[.]14[.]97[.]126:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 194[.]165[.]16[.]62:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 107[.]189[.]5[.]117:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Apple Safari WebKit code execution | CVE-2023-23518
NAME__________Apple Safari WebKit code executionPlatforms Affected:Apple Safari 16.2Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Apple Safari could allow a remote attacker to execute arbitrary...
PowerDNS Recursor denial of service | CVE-2023-22617
NAME__________PowerDNS Recursor denial of servicePlatforms Affected:PowerDNS Recursor 4.5.9 PowerDNS Recursor 4.6.2 PowerDNS Recursor 4.7.1Risk Level:8.2Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________PowerDNS Recursor is...
Apache Airflow command execution | CVE-2023-22884
NAME__________Apache Airflow command executionPlatforms Affected:Apache Airflow 2.3.0 Apache Airflow 2.4.0 Apache Airflow 2.4.1 Apache Airflow 2.4.2Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Apache Airflow...
Apple Safari WebKit code execution | CVE-2023-23517
NAME__________Apple Safari WebKit code executionPlatforms Affected:Apple Safari 16.2Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Apple Safari could allow a remote attacker to execute arbitrary...
