Month: March 2023

Pompompurin Unmasked: Infamous BreachForums Mastermind Arrested in New York

March 18, 2023

U.S. law enforcement authorities have arrested a New York man in connection with running the infamous BreachForums hacking forum under...

0a20ee803f05c2be34c234d7612ecb976f8af5daaf703ce6cdb6af9c4dc9521b

LockBit 3.0 Ransomware: Inside the Cyberthreat That’s Costing Millions

March 18, 2023

U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures...

The Week in Ransomware – March 17th 2023 – Shifting to data extortion

March 18, 2023

The fallout from the Clop ransomware attacks on GoAnywhere platforms has become apparent this week, with the threat actors starting...

Alleged BreachForums owner ‘Pompompurin’ arrested on cybercrime charges

March 18, 2023

U.S. law enforcement arrested on Wednesday a New York man believed to be Pompompurin, the owner of the BreachForums hacking...

Hitachi Energy confirms data breach after Clop GoAnywhere attacks

March 18, 2023

Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a zero-day GoAnyway zero-day...

RAT developer arrested for infecting 10,000 PCs with malware

March 18, 2023

Ukraine's cyberpolice has arrested the developer of a remote access trojan (RAT) malware that infected over 10,000 computers while posing...

NBA alerts fans of a data breach exposing personal information

March 18, 2023

The NBA (National Basketball Association) is notifying fans of a data breach after some of their personal information, "held" by...

Brute Ratel C4 Detected – 52[.]194[.]85[.]123:80

March 18, 2023

The Information provided at the time of posting was detected as "Brute Ratel C4". Depending on when you are viewing...

023605bea65a4550700ce2fd485b9cc50d7652468443a4fe854c664c9d8bfc4b

Wifi_Db – Script To Parse Aircrack-ng Captures To A SQLite Database

March 17, 2023

Script to parse Aircrack-ng captures into a SQLite database and extract useful information like handshakes (in 22000 hashcat format), MGT...

FakeCalls Vishing Malware Targets South Korean Users via Popular Financial Apps

March 17, 2023

An Android voice phishing (aka vishing) malware campaign known as FakeCalls has reared its head once again to target South...

Malware Analysis – djvu – ce3b3de5f62d393aeebd49c31bd29d41

March 17, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, discovery, persistence, ransomware, spyware, stealerMD5: ce3b3de5f62d393aeebd49c31bd29d41SHA1: 154ab2adc0f1921e0a2d6956e33d980e921a901fANALYSIS DATE: 2023-03-17T16:11:34ZTTPS: T1222, T1012, T1082, T1053,...

Malware Analysis – djvu – 68b0f16d837d77eb7edb40ade07b3844

March 17, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, discovery, persistence, ransomware, spyware, stealerMD5: 68b0f16d837d77eb7edb40ade07b3844SHA1: e235b7725b1c1e5c7162f0010a7db46073b80040ANALYSIS DATE: 2023-03-17T16:15:06ZTTPS: T1060, T1112, T1012, T1082,...

Malware Analysis – gafgyt – bb5ac3218b68aec33e16261196971d7f

March 17, 2023

Score: 10 MALWARE FAMILY: gafgytTAGS:family:gafgyt, family:plugx, family:redline, botnet, discovery, exploit, infostealer, persistence, trojanMD5: bb5ac3218b68aec33e16261196971d7fSHA1: 7df56150a22016e079c4b3e3a45446bffc2fcd9eANALYSIS DATE: 2023-03-17T16:30:04ZTTPS: T1082, T1050, T1060,...

Malware Analysis – smokeloader – 3e59d07d7af4a0b0314ffcbff5fd12d8

March 17, 2023

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 3e59d07d7af4a0b0314ffcbff5fd12d8SHA1: fc32ffaf265d7b38adc59092c967babf1fd92baaANALYSIS DATE: 2023-03-17T17:31:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – discovery – 7a42e24c7b1607887a49e5929d38f8f9

March 17, 2023

Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, persistence, ransomwareMD5: 7a42e24c7b1607887a49e5929d38f8f9SHA1: 41f9462a8182758714761a839664f69d9d2c3b7eANALYSIS DATE: 2023-03-17T17:26:40ZTTPS: T1060, T1112, T1012, T1042, T1082, T1130 ScoreMeaningExample10Known badA malware...

Malware Analysis – ransomware – 3b56fee645b36a022471189294485517

March 17, 2023

Score: 8 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: 3b56fee645b36a022471189294485517SHA1: 90138e3902b096a89b03271ea664ccc6193b766cANALYSIS DATE: 2023-03-17T17:07:14ZTTPS: T1005, T1081, T1491, T1112, T1082 ScoreMeaningExample10Known badA malware family...

Malware Analysis – amadey – 06c1e142d1c9f438103774ec50d9b348

March 17, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:rhadamanthys, family:smokeloader, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, botnet:pub1, botnet:sprg, backdoor, discovery, persistence, ransomware, spyware, stealer, trojanMD5: 06c1e142d1c9f438103774ec50d9b348SHA1:...

Malware Analysis – amadey – a480e4bf51162bfd63ed718149a4a608

March 17, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:rhadamanthys, family:smokeloader, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, botnet:pub1, botnet:sprg, backdoor, discovery, persistence, ransomware, stealer, trojanMD5: a480e4bf51162bfd63ed718149a4a608SHA1: 16b9d95ce72eceef41e51df9c30c1f84e63d9d72ANALYSIS...

Malware Analysis – djvu – bea14d484e11b88a5a1f76233f52f732

March 17, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, discovery, persistence, ransomware, spyware, stealerMD5: bea14d484e11b88a5a1f76233f52f732SHA1: 0c391495bc75c4926b52b14fdd27bd3f7e410911ANALYSIS DATE: 2023-03-17T17:52:32ZTTPS: T1222, T1060, T1112, T1005,...

Malware Analysis – ransomware – 2e7a4354b997f086db89e1a28ca60816

March 17, 2023

Score: 8 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: 2e7a4354b997f086db89e1a28ca60816SHA1: ee98de0cbeefd9df93c364719b2ae69696f32382ANALYSIS DATE: 2023-03-17T18:12:54ZTTPS: T1005, T1081 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...

Malware Analysis – djvu – 26551b9c3dbace2dd837828f85d078bd

March 17, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, discovery, persistence, ransomware, spyware, stealerMD5: 26551b9c3dbace2dd837828f85d078bdSHA1: 52ca324a5cf64db3586f4b2d5f9607144b044c74ANALYSIS DATE: 2023-03-17T17:50:19ZTTPS: T1012, T1222, T1082, T1053,...

Month: March 2023

Pompompurin Unmasked: Infamous BreachForums Mastermind Arrested in New York

LockBit 3.0 Ransomware: Inside the Cyberthreat That’s Costing Millions

The Week in Ransomware – March 17th 2023 – Shifting to data extortion

Alleged BreachForums owner ‘Pompompurin’ arrested on cybercrime charges

Hitachi Energy confirms data breach after Clop GoAnywhere attacks

RAT developer arrested for infecting 10,000 PCs with malware

NBA alerts fans of a data breach exposing personal information

Brute Ratel C4 Detected – 52[.]194[.]85[.]123:80

Wifi_Db – Script To Parse Aircrack-ng Captures To A SQLite Database

FakeCalls Vishing Malware Targets South Korean Users via Popular Financial Apps

Malware Analysis – djvu – ce3b3de5f62d393aeebd49c31bd29d41

Malware Analysis – djvu – 68b0f16d837d77eb7edb40ade07b3844

Malware Analysis – gafgyt – bb5ac3218b68aec33e16261196971d7f

Malware Analysis – smokeloader – 3e59d07d7af4a0b0314ffcbff5fd12d8

Malware Analysis – discovery – 7a42e24c7b1607887a49e5929d38f8f9

Malware Analysis – ransomware – 3b56fee645b36a022471189294485517

Malware Analysis – amadey – 06c1e142d1c9f438103774ec50d9b348

Malware Analysis – amadey – a480e4bf51162bfd63ed718149a4a608

Malware Analysis – djvu – bea14d484e11b88a5a1f76233f52f732

Malware Analysis – ransomware – 2e7a4354b997f086db89e1a28ca60816

Malware Analysis – djvu – 26551b9c3dbace2dd837828f85d078bd

LockBit 3.0 Ransomware Victim: meatel[.]com

LockBit 3.0 Ransomware Victim: mandirisekuritas[.]co[.]id

LockBit 3.0 Ransomware Victim: perfectplacement[.]co[.]uk

[INCRANSOM] – Ransomware Victim: Darlington EMS

[INCRANSOM] – Ransomware Victim: Schuck-Gruppe

[APT73] – Ransomware Victim: gureco[.]pl

[APT73] – Ransomware Victim: lgpunjab[.]gov[.]in

[INCRANSOM] – Ransomware Victim: IPE Engwicht

You may have missed