Cobalt Stike Beacon Detected – 3[.]29[.]24[.]212:8080
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Month: January 2023
Cobalt Stike Beacon Detected – 54[.]188[.]58[.]32:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 109[.]172[.]45[.]28:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Siretta QUARTZ-GOLD directory traversal | CVE-2022-41154
NAME__________Siretta QUARTZ-GOLD directory traversalPlatforms Affected:Risk Level:8.2Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Siretta QUARTZ-GOLD could allow a remote attacker to traverse directories on the system,...
Argo Project Argo CD security bypass | CVE-2023-22736
NAME__________Argo Project Argo CD security bypassPlatforms Affected:Argo Project Argo CD 2.5.7 Argo Project Argo CD 2.6.0-rc4 Argo Project Argo CD...
Siretta QUARTZ-GOLD command execution |
NAME__________Siretta QUARTZ-GOLD command executionPlatforms Affected:Risk Level:9.8Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________Siretta QUARTZ-GOLD could allow a remote attacker to execute arbitrary commands...
UFLO2 code execution | CVE-2022-25894
NAME__________UFLO2 code executionPlatforms Affected:Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________UFLO2 could allow a remote attacker to execute arbitrary code on the system, caused...
Pi-hole security bypass | CVE-2023-23614
NAME__________Pi-hole security bypassPlatforms Affected:Pi-hole Pi-hole 4.0 Pi-hole Pi-hole 5.18.2Risk Level:8.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Pi-hole could allow a remote authenticated attacker to bypass...
BaiCells Nova 227, Nova 233, Nova 243, and Nova 246 LTE TDD eNodeB devices code execution | CVE-2023-24508
NAME__________BaiCells Nova 227, Nova 233, Nova 243, and Nova 246 LTE TDD eNodeB devices code executionPlatforms Affected:BaiCells Nova 246 RTS/RTD...
Siretta QUARTZ-GOLD command execution | CVE-2022-42491
NAME__________Siretta QUARTZ-GOLD command executionPlatforms Affected:Risk Level:9.8Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________Siretta QUARTZ-GOLD could allow a remote attacker to execute arbitrary commands...
Siretta QUARTZ-GOLD command execution | CVE-2022-42492
NAME__________Siretta QUARTZ-GOLD command executionPlatforms Affected:Risk Level:9.8Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________Siretta QUARTZ-GOLD could allow a remote attacker to execute arbitrary commands...
Argo Project Argo CD security bypass | CVE-2023-22482
NAME__________Argo Project Argo CD security bypassPlatforms Affected:Argo CD Argo CD 1.8.2 Argo Project Argo CD 2.3.13 Argo Project Argo CD...
Siretta QUARTZ-GOLD buffer overflow | CVE-2022-41991
NAME__________Siretta QUARTZ-GOLD buffer overflowPlatforms Affected:Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Siretta QUARTZ-GOLD is vulnerable to a heap-based buffer overflow, caused by improper bounds...
Discourse cross-site scripting | CVE-2023-22468
NAME__________Discourse cross-site scriptingPlatforms Affected:Discourse Discourse 3.0.0 Discourse Discourse 3.1.0.beta1Risk Level:8.3Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Discourse is vulnerable to cross-site scripting, caused by improper...
Siretta QUARTZ-GOLD command execution | CVE-2022-42493
NAME__________Siretta QUARTZ-GOLD command executionPlatforms Affected:Risk Level:9.8Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________Siretta QUARTZ-GOLD could allow a remote attacker to execute arbitrary commands...
Siretta QUARTZ-GOLD command execution | CVE-2022-40222
NAME__________Siretta QUARTZ-GOLD command executionPlatforms Affected:Risk Level:9.8Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________Siretta QUARTZ-GOLD could allow a remote attacker to execute arbitrary commands...
BreachForums Database Leak Alert: TSA NoFly List
BreachForums - Databreach discussion & leaks forum. NOTE: No files or stolen information are by RedPacket Security. Any legal issues...
BreachForums Database Leak Alert: demo[.]zeeroq[.]com
BreachForums - Databreach discussion & leaks forum. NOTE: No files or stolen information are by RedPacket Security. Any legal issues...
Daily Vulnerability Trends: Sun Jan 29 2023
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2020-28362Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.CVE-2022-34718Windows TCP/IP...
Vice Society Ransomware Victim: Seguros Equinoccial
Vice Society Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Malware Analysis – smokeloader – a36b584de10085f700f75c6f21620bd2
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: a36b584de10085f700f75c6f21620bd2SHA1: 8c8006245b3be3a36dfebeab999d8d01826cbe1cANALYSIS DATE: 2023-01-29T03:25:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – djvu – cce7765c14bdcec1e907d013a875be01
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: cce7765c14bdcec1e907d013a875be01SHA1: 776c2ab297b6a69ce27041b748413bd25133030eANALYSIS DATE: 2023-01-29T03:01:08ZTTPS: T1082, T1053, T1005, T1081,...
Malware Analysis – smokeloader – 0188b2bb7e59afd6100b75775561f073
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 0188b2bb7e59afd6100b75775561f073SHA1: c29f3865c7e5dcbc53535eec9906f992153c7227ANALYSIS DATE: 2023-01-29T04:16:02ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – djvu – 376a3ccb90224d2ad5712bf04c0b9578
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:redline, family:smokeloader, family:vidar, botnet:19, botnet:@2023@new, backdoor, discovery, infostealer, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: 376a3ccb90224d2ad5712bf04c0b9578SHA1:...
