Cobalt Stike Beacon Detected – 141[.]98[.]10[.]124:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Month: February 2023
Cobalt Stike Beacon Detected – 185[.]143[.]223[.]33:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 46[.]161[.]40[.]118:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 124[.]71[.]152[.]140:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – smokeloader – 0aeddad4b0aa26e2b46f2b1c498bda5c
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 0aeddad4b0aa26e2b46f2b1c498bda5cSHA1: ab08be349ed68c56de52a04a502683a45f1020e5ANALYSIS DATE: 2023-02-11T11:34:04ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – ryuk – 5ac0f050f93f86e69026faea1fbb4450
Score: 10 MALWARE FAMILY: ryukTAGS:family:ryuk, persistence, ransomwareMD5: 5ac0f050f93f86e69026faea1fbb4450SHA1: 9709774fde9ec740ad6fed8ed79903296ca9d571ANALYSIS DATE: 2023-02-11T10:59:29ZTTPS: T1082, T1060, T1112 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – smokeloader – c418a430529db80b4daabd52c5c8adce
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: c418a430529db80b4daabd52c5c8adceSHA1: 3fd4955aca9bb801a2cb337cb9acbb3f61fd4d07ANALYSIS DATE: 2023-02-11T10:39:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – ransomware – e29a4153e08b5b85b4a51f8a2cd2714e
Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: e29a4153e08b5b85b4a51f8a2cd2714eSHA1: 1a2056b4d141fcfc44f7132f31cba62d6f31d86dANALYSIS DATE: 2023-02-11T10:17:53ZTTPS: T1107, T1490 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...
Cobalt Stike Beacon Detected – 107[.]172[.]208[.]88:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 3[.]84[.]109[.]117:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 103[.]142[.]246[.]194:8443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 162[.]19[.]206[.]0:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
OpenSSL denial of service | CVE-2023-0215
NAME__________OpenSSL denial of servicePlatforms Affected:OpenSSL OpenSSL 1.0.2 OpenSSL OpenSSL 1.1.1 OpenSSL OpenSSL 3.0.0Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________OpenSSL is vulnerable to...
Zyxel NWA110AX devices denial of service | CVE-2022-45854
NAME__________Zyxel NWA110AX devices denial of servicePlatforms Affected:Zyxel NWA110AX 6.45(ABTG.0)C0 Zyxel NWA210AX 6.45(ABTD.0)C0 Zyxel WAX510D 6.45(ABTF.0)C0 Zyxel WAX610D 6.45(ABTE.0)C0 Zyxel WAX630S...
Google Chrome Download security bypass | CVE-2023-0700
NAME__________Google Chrome Download security bypassPlatforms Affected:Google Chrome 110.0Risk Level:6.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Google Chrome could allow a remote attacker to bypass security...
Nextcloud Desktop cross-site scripting | CVE-2023-23942
NAME__________Nextcloud Desktop cross-site scriptingPlatforms Affected:Risk Level:3.9Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Nextcloud Desktop is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Nextcloud Mail information disclosure | CVE-2023-23943
NAME__________Nextcloud Mail information disclosurePlatforms Affected:Risk Level:3.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Nextcloud Mail could allow a remote authenticated attacker to obtain sensitive information, caused...
Zyxel NBG-418N devices cross-site scripting | CVE-2022-45441
NAME__________Zyxel NBG-418N devices cross-site scriptingPlatforms Affected:Zyxel NBG-418N v2 1.00(AARP.10)C0Risk Level:7.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Zyxel NBG-418N devices are vulnerable to cross-site scripting, caused...
OpenSSL denial of service | CVE-2023-0217
NAME__________OpenSSL denial of servicePlatforms Affected:OpenSSL OpenSSL 3.0.1 OpenSSL OpenSSL 3.0.2 OpenSSL OpenSSL 3.0.3 OpenSSL OpenSSL 3.0.4 OpenSSL OpenSSL 3.0.0 OpenSSL...
LogicalDOC Enterprise Edition and LogicalDOC Community Edition cross-site scripting | CVE-2022-47415
NAME__________LogicalDOC Enterprise Edition and LogicalDOC Community Edition cross-site scriptingPlatforms Affected:Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________LogicalDOC Enterprise Edition and LogicalDOC Community Edition are...
GNU Less security bypass | CVE-2022-46663
NAME__________GNU Less security bypassPlatforms Affected:Gnu LessRisk Level:5.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________GNU Less could allow a remote/ attacker to bypass security restrictions, caused...
Interactive Geo Maps Plugin for WordPress cross-site scripting | CVE-2023-0731
NAME__________Interactive Geo Maps Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Interactive Geo Maps plugin for WordPress 1.5.9Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Interactive Geo...
Wicked Folders plugin for WordPress cross-site request forgery | CVE-2023-0728
NAME__________Wicked Folders plugin for WordPress cross-site request forgeryPlatforms Affected:Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Wicked Folders plugin for WordPress is vulnerable to cross-site...
Wicked Folders plugin for WordPress cross-site request forgery | CVE-2023-0722
NAME__________Wicked Folders plugin for WordPress cross-site request forgeryPlatforms Affected:Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Wicked Folders plugin for WordPress is vulnerable to cross-site...
