New Boldmove Linux malware used to backdoor Fortinet devices
Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and...
Month: January 2023
Over 19,000 end-of-life Cisco routers exposed to RCE attacks
Over 19,000 end-of-life Cisco VPN routers on the Internet are exposed to attacks targeting a remote command execution exploit chain....
Critical ManageEngine RCE bug now exploited to open reverse shells
A critical remote code execution (RCE) vulnerability affecting multiple Zoho ManageEngine products is now being exploited in attacks. The first...
LAUSD says Vice Society ransomware gang stole contractors’ SSNs
Los Angeles Unified School District (LAUSD), the second-largest school district in the United States, says the Vice Society ransomware gang...
Cobalt Stike Beacon Detected – 182[.]92[.]67[.]97:8443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 23[.]227[.]202[.]188:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 47[.]100[.]190[.]135:6789
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 35[.]72[.]81[.]198:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 47[.]95[.]149[.]125:90
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – discovery – b836837cc3a35ac8ad5414e2fd758cb1
Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, persistence, ransomwareMD5: b836837cc3a35ac8ad5414e2fd758cb1SHA1: 7d963a95964735bd353eee489d949912935e154aANALYSIS DATE: 2023-01-21T09:13:49ZTTPS: T1112, T1082, T1042, T1060, T1012 ScoreMeaningExample10Known badA malware family...
Malware Analysis – djvu – de0bf20a9d668e641c58cbf15464dcff
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: de0bf20a9d668e641c58cbf15464dcffSHA1: 0a76a64c8c966e99a979cdc4517d05563a0736c6ANALYSIS DATE: 2023-01-21T09:31:33ZTTPS: T1012, T1082, T1005, T1081,...
Malware Analysis – djvu – 1da519e1cf49bb501127d725cd71d13d
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, stealerMD5: 1da519e1cf49bb501127d725cd71d13dSHA1: 53b253d5a7b42acae4cbb7cd6f2d943bcc7e484fANALYSIS DATE: 2023-01-21T09:56:05ZTTPS: T1130, T1112, T1060, T1222, T1082,...
Malware Analysis – djvu – db9ca7be33c09a07e9bf8631da3f943f
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: db9ca7be33c09a07e9bf8631da3f943fSHA1: 517345fed6578132c020d79c5f46eae92c2cd991ANALYSIS DATE: 2023-01-21T11:02:19ZTTPS: T1060, T1112, T1012, T1082,...
Malware Analysis – evasion – 048d2cc9af6b8a64b48a6bed39ce3a94
Score: 9 MALWARE FAMILY: evasionTAGS:evasion, pyinstaller, ransomware, upxMD5: 048d2cc9af6b8a64b48a6bed39ce3a94SHA1: 6bba401ef23fb8aee4f6bd2ce2e0264c1159094cANALYSIS DATE: 2023-01-21T11:26:21ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...
Malware Analysis – discovery – cc42a6beb3e2e6d9404f015076a3c28a
Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, persistence, ransomwareMD5: cc42a6beb3e2e6d9404f015076a3c28aSHA1: d71b84e8ae3c692a96596d67138a9755af595a35ANALYSIS DATE: 2023-01-21T11:21:02ZTTPS: T1112, T1082, T1060, T1012, T1042 ScoreMeaningExample10Known badA malware family...
Dell EMC PV ME5 privilege escalation | CVE-2023-23691
NAME__________Dell EMC PV ME5 privilege escalationPlatforms Affected:Dell PowerVault ME5 1.1.0.0Risk Level:8.1Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Dell EMC PV ME5 could allow a remote...
LISTSERV cross-site scripting | CVE-2022-39195
NAME__________LISTSERV cross-site scriptingPlatforms Affected:Risk Level:7.2Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________LISTSERV is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A...
Git Git GUI privilege escalation | CVE-2022-41953
NAME__________Git Git GUI privilege escalationPlatforms Affected:Git for Windows Git for Windows 2.39.0Risk Level:8.6Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Git GUI could allow a remote...
Daily Vulnerability Trends: Sat Jan 21 2023
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2022-4873On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer...
Malware Analysis – discovery – 87234dff69f6c8edfaf828a5d491c886
Score: 8 MALWARE FAMILY: discoveryTAGS:discovery, exploitMD5: 87234dff69f6c8edfaf828a5d491c886SHA1: 69902f3c575191db8114aa34f99b27ceae3a9f72ANALYSIS DATE: 2023-01-21T03:49:51ZTTPS: T1082, T1012, T1222, T1120 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – djvu – 23793d8263ed7779fb8415e966c4efee
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 23793d8263ed7779fb8415e966c4efeeSHA1: ec4f0d9147599c8a860ff5e3b770cbc908c5712eANALYSIS DATE: 2023-01-21T04:36:47ZTTPS: T1012, T1082, T1053, T1060,...
Malware Analysis – dharma – 5787665e570a0a7e7deaf48aa539896c
Score: 10 MALWARE FAMILY: dharmaTAGS:family:dharma, persistence, ransomware, spyware, stealerMD5: 5787665e570a0a7e7deaf48aa539896cSHA1: 15be972b9566e275accd5498229b98f69e3430c0ANALYSIS DATE: 2023-01-21T04:20:54ZTTPS: T1107, T1490, T1005, T1081, T1082, T1060, T1112...
Malware Analysis – djvu – 8569d60d9c0c1b628b34434d3bbaef12
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 8569d60d9c0c1b628b34434d3bbaef12SHA1: 3467cff730bf61c98336af6c1d9bc72b75ec5b20ANALYSIS DATE: 2023-01-21T05:50:44ZTTPS: T1082, T1005, T1081, T1012,...
Malware Analysis – – 34635fd96a958116eda7e430185bd347
Score: 8 MALWARE FAMILY: TAGS:MD5: 34635fd96a958116eda7e430185bd347SHA1: 69dfb57b9dc5fdb371abcd3d8aa78d97864f19b6ANALYSIS DATE: 2023-01-21T05:10:23ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...
