The Different Methods and Stages of Penetration Testing
The stakes could not be higher for cyber defenders. With the vast amounts of sensitive information, intellectual property, and financial...
Month: March 2023
Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company
A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss...
Malware Analysis – discovery – daad86ad18d95c4439cbc00e1c717128
Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, persistence, ransomwareMD5: daad86ad18d95c4439cbc00e1c717128SHA1: 089dccbb5bc3ab13481ca73803ba4af8a45bae7bANALYSIS DATE: 2023-03-15T09:09:23ZTTPS: T1012, T1060, T1082, T1112, T1042 ScoreMeaningExample10Known badA malware family...
Malware Analysis – djvu – b01a1b1c19436e4c9c7ba4c8050cf01d
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, discovery, persistence, ransomware, spyware, stealerMD5: b01a1b1c19436e4c9c7ba4c8050cf01dSHA1: a8ea730e1acc73846b478447333d915efa5eb974ANALYSIS DATE: 2023-03-15T09:10:59ZTTPS: T1005, T1081, T1012, T1053,...
Malware Analysis – djvu – 5b5166499d4e1bae9260f07e2a6b7425
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, discovery, persistence, ransomware, spyware, stealerMD5: 5b5166499d4e1bae9260f07e2a6b7425SHA1: ad20dadfb4af16d2f7cafa0777652d0fd7bd4ad0ANALYSIS DATE: 2023-03-15T10:27:07ZTTPS: T1222, T1082, T1012, T1053,...
Malware Analysis – discovery – 3b02025002ceb06c4ce1c9c778232664
Score: 8 MALWARE FAMILY: discoveryTAGS:discovery, evasion, exploit, persistenceMD5: 3b02025002ceb06c4ce1c9c778232664SHA1: 2aeb8b0adb9cc4f198a9f4d907a28ffd2961caf5ANALYSIS DATE: 2023-03-15T10:51:32ZTTPS: T1031, T1562, T1489, T1012, T1112, T1082, T1222, T1060...
Malware Analysis – ransomware – df4ccdcc93d82240feeb83abf41683d7
Score: 6 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: df4ccdcc93d82240feeb83abf41683d7SHA1: 0d48b5dc98e65ceed2a99448a8df3e2f4702250aANALYSIS DATE: 2023-03-15T09:11:36ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...
Malware Analysis – amadey – 0ca5cd39526bb33fca90e5cdf0d0ac5d
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:pseudomanuscrypt, family:rhadamanthys, family:smokeloader, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, botnet:pub1, botnet:sprg, backdoor, discovery, loader, persistence, ransomware, spyware, stealer,...
Malware Analysis – smokeloader – 1cb2590e0e278ac08f7b350e278d02be
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 1cb2590e0e278ac08f7b350e278d02beSHA1: d31d69d7e761ef7ef59c57703d8337a2df800693ANALYSIS DATE: 2023-03-15T11:41:04ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – djvu – 70d66d43809da468071f45d812aac404
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, discovery, persistence, ransomware, spyware, stealerMD5: 70d66d43809da468071f45d812aac404SHA1: cba1c347b410a77c8ff3066052d870a8f1505c4cANALYSIS DATE: 2023-03-15T11:22:06ZTTPS: T1012, T1082, T1005, T1081,...
Malware Analysis – djvu – 198676e50dabce25f8bdb7f6e1ecbec9
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, discovery, persistence, ransomware, spyware, stealerMD5: 198676e50dabce25f8bdb7f6e1ecbec9SHA1: 79973d12b610dc0787260180b368487d3ce67213ANALYSIS DATE: 2023-03-15T11:45:06ZTTPS: T1130, T1112, T1060, T1053,...
Malware Analysis – amadey – 3fa6103e5d25ff85e7dfe9e61d2b1d2a
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:smokeloader, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, botnet:pub1, botnet:sprg, backdoor, discovery, persistence, ransomware, stealer, trojanMD5: 3fa6103e5d25ff85e7dfe9e61d2b1d2aSHA1: 1a8fd33ce1a619beee47b2798dcfbeadbcd17419ANALYSIS DATE:...
RapidLoad Power-Up for Autoptimize Plugin for WordPress security bypass | CVE-2023-1338
NAME__________RapidLoad Power-Up for Autoptimize Plugin for WordPress security bypassPlatforms Affected:WordPress RapidLoad Power-Up for Autoptimize Plugin for WordPress 1.7.1Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access...
RapidLoad Power-Up for Autoptimize Plugin for WordPress security bypass | CVE-2023-1337
NAME__________RapidLoad Power-Up for Autoptimize Plugin for WordPress security bypassPlatforms Affected:WordPress RapidLoad Power-Up for Autoptimize Plugin for WordPress 1.7.1Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access...
RapidLoad Power-Up for Autoptimize Plugin for WordPress security bypass | CVE-2023-1336
NAME__________RapidLoad Power-Up for Autoptimize Plugin for WordPress security bypassPlatforms Affected:WordPress RapidLoad Power-Up for Autoptimize Plugin for WordPress 1.7.1Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access...
RapidLoad Power-Up for Autoptimize Plugin for WordPress security bypass | CVE-2023-1339
NAME__________RapidLoad Power-Up for Autoptimize Plugin for WordPress security bypassPlatforms Affected:WordPress RapidLoad Power-Up for Autoptimize Plugin for WordPress 1.7.1Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access...
RapidLoad Power-Up for Autoptimize Plugin for WordPress security bypass | CVE-2023-1334
NAME__________RapidLoad Power-Up for Autoptimize Plugin for WordPress security bypassPlatforms Affected:WordPress RapidLoad Power-Up for Autoptimize Plugin for WordPress 1.7.1Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access...
RapidLoad Power-Up for Autoptimize Plugin for WordPress security bypass | CVE-2023-1333
NAME__________RapidLoad Power-Up for Autoptimize Plugin for WordPress security bypassPlatforms Affected:WordPress RapidLoad Power-Up for Autoptimize Plugin for WordPress 1.7.1Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access...
Roxy-WI directory traversal | CVE-2023-25803
NAME__________Roxy-WI directory traversalPlatforms Affected:Roxy-WI Roxy-WI 6.3.4.0Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Roxy-WI could allow a remote attacker to traverse directories on the system,...
LMXCMS SQL injection | CVE-2023-1322
NAME__________LMXCMS SQL injectionPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________LMXCMS is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL...
Online Pizza Ordering System SQL injection | CVE-2023-1365
NAME__________Online Pizza Ordering System SQL injectionPlatforms Affected:Risk Level:7.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Online Pizza Ordering System is vulnerable to SQL injection. A remote...
CodeIgniter Shield information disclosure | CVE-2023-27580
NAME__________CodeIgniter Shield information disclosurePlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________CodeIgniter Shield could allow a remote attacker to obtain sensitive information, caused by...
115cms file upload | CVE-2023-1328
NAME__________115cms file uploadPlatforms Affected:Risk Level:4.7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________115cms could allow a remote authenticated attacker to upload arbitrary files, caused by improper...
Online Pizza Ordering System SQL injection | CVE-2023-1364
NAME__________Online Pizza Ordering System SQL injectionPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Online Pizza Ordering System is vulnerable to SQL injection. A remote...
