Cobalt Stike Beacon Detected – 101[.]42[.]46[.]117:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Month: January 2023
Malware Analysis – aurora – a750f4f224ae7af1c886b39d1c5800d4
Score: 10 MALWARE FAMILY: auroraTAGS:family:aurora, family:dcrat, family:djvu, family:icedid, family:smokeloader, family:vidar, botnet:19, campaign:3131022508, backdoor, banker, discovery, infostealer, loader, persistence, ransomware, rat,...
Malware Analysis – xmrig – f91a4f2fe37f1008f8f2b0d597dbd5fa
Score: 10 MALWARE FAMILY: xmrigTAGS:family:xmrig, discovery, evasion, exploit, minerMD5: f91a4f2fe37f1008f8f2b0d597dbd5faSHA1: 3293698ca35076659fbaaac4868ba57afc3e560dANALYSIS DATE: 2023-01-11T09:23:30ZTTPS: T1031, T1562, T1489, T1222, T1082, T1102, T1112...
Malware Analysis – smokeloader – 70d0f4ca40cba87f64e1d482c2eb7167
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 70d0f4ca40cba87f64e1d482c2eb7167SHA1: 2b375e2d01a2bcc809cb5f3adb94d7b2cbd05470ANALYSIS DATE: 2023-01-11T09:31:05ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – wannacry – 5c7fb0927db37372da25f270708103a2
Score: 10 MALWARE FAMILY: wannacryTAGS:family:wannacry, persistence, ransomware, spyware, stealer, wormMD5: 5c7fb0927db37372da25f270708103a2SHA1: 120ed9279d85cbfa56e5b7779ffa7162074f7a29ANALYSIS DATE: 2023-01-11T09:07:49ZTTPS: T1107, T1490, T1082, T1005, T1081, T1060,...
Cobalt Stike Beacon Detected – 54[.]151[.]146[.]41:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 103[.]45[.]143[.]169:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 107[.]189[.]3[.]56:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 47[.]113[.]224[.]80:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – wannacry – 3e1358176d57982beb922f2902a37fad
Score: 10 MALWARE FAMILY: wannacryTAGS:family:wannacry, bootkit, persistence, ransomware, wormMD5: 3e1358176d57982beb922f2902a37fadSHA1: db139653e9dd7c669efdfddd69c991b72dcb428bANALYSIS DATE: 2023-01-11T10:21:05ZTTPS: T1012, T1082, T1060, T1112, T1067, T1491 ScoreMeaningExample10Known...
Malware Analysis – discovery – 5a9d7261ca6fb48b5df18e3e5dcd12e4
Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, evasion, persistence, ransomwareMD5: 5a9d7261ca6fb48b5df18e3e5dcd12e4SHA1: c5e5601e995437ff625939876c7cf5a30d8e29eaANALYSIS DATE: 2023-01-11T10:18:25ZTTPS: T1012, T1497, T1082, T1112, T1042, T1060 ScoreMeaningExample10Known badA...
Malware Analysis – djvu – f0fa800da38d447e5ec5488cf0533783
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: f0fa800da38d447e5ec5488cf0533783SHA1: a18b649c13257ece20693771eda98eeb436d4248ANALYSIS DATE: 2023-01-11T10:20:44ZTTPS: T1082, T1053, T1012, T1060,...
Malware Analysis – djvu – 003110423bef9777e6ef2a55473bd34f
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 003110423bef9777e6ef2a55473bd34fSHA1: 5a3036ea4d032f3f40a99cc5febd0133232e005eANALYSIS DATE: 2023-01-11T10:04:15ZTTPS: T1005, T1081, T1060, T1112,...
Malware Analysis – ransomware – b1a0dbcba5aa72bddf6a2619bd1c04d3
Score: 5 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: b1a0dbcba5aa72bddf6a2619bd1c04d3SHA1: 80c34dc43c0e0ea556f0412bfa6807f2a956f369ANALYSIS DATE: 2023-01-11T10:51:09ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...
Malware Analysis – ransomware – 2f11fdaaca22cb7c54bb336e80340d3e
Score: 8 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: 2f11fdaaca22cb7c54bb336e80340d3eSHA1: 3b2d7b85221ac8c0c7d7abcbb06566f53d20e7efANALYSIS DATE: 2023-01-11T11:24:50ZTTPS: T1005, T1081, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – smokeloader – 476931064a8b0ecf9a4f5fefd0680a45
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 476931064a8b0ecf9a4f5fefd0680a45SHA1: ee254056c2b0ea556627f3700f3d387bda411952ANALYSIS DATE: 2023-01-11T11:51:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – discovery – 992727441c0580255be639bd8a738be5
Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, evasion, persistence, ransomwareMD5: 992727441c0580255be639bd8a738be5SHA1: e49881c98d86f8b7bd9b80d4d52872b2d4c340f8ANALYSIS DATE: 2023-01-11T11:46:10ZTTPS: T1060, T1012, T1497, T1082, T1112, T1042 ScoreMeaningExample10Known badA...
Siemens SINEC INS code execution | CVE-2022-45094
NAME__________Siemens SINEC INS code executionPlatforms Affected:Risk Level:8.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Siemens SINEC INS could allow a remote authenticated attacker within the local...
SAP NetWeaver AS for Java security bypass | CVE-2023-0017
NAME__________SAP NetWeaver AS for Java security bypassPlatforms Affected:SAP NetWeaver AS for JAVA 7.50Risk Level:9.1Exploitability:UnprovenConsequences:Gain Privilege DESCRIPTION__________SAP NetWeaver AS for Java...
Zip4j weak security | CVE-2023-22899
NAME__________Zip4j weak securityPlatforms Affected:Zip4j Zip4j 2.11.2Risk Level:9.1Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Zip4j could provide weaker than expected security, caused by not always check...
GitLab CE/EE denial of service | CVE-2022-3613
NAME__________GitLab CE/EE denial of servicePlatforms Affected:GitLab Community Edition 15.7.1 GitLab Community Edition 15.6.3 GitLab Community Edition 15.5.6 GitLab Enterprise Edition...
SAP BusinessObjects Business Intelligence platform code execution | CVE-2023-0022
NAME__________SAP BusinessObjects Business Intelligence platform code executionPlatforms Affected:SAP BusinessObjects Business Intelligence Platform 420 SAP BusinessObjects Business Intelligence Platform 430Risk Level:9.9Exploitability:UnprovenConsequences:Gain...
Google Chrome code execution | CVE-2023-0134
NAME__________Google Chrome code executionPlatforms Affected:Google Chrome 109.0Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Google Chrome could allow a remote attacker to execute arbitrary code...
Microsoft Windows Layer 2 Tunneling Protocol (L2TP) code execution | CVE-2023-21556
NAME__________Microsoft Windows Layer 2 Tunneling Protocol (L2TP) code executionPlatforms Affected:Microsoft Windows 7 SP1 x32 Microsoft Windows 7 SP1 x64 Microsoft...
