Month: March 2023

Cobalt Stike Beacon Detected – 159[.]65[.]198[.]205:443

March 9, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 157[.]245[.]153[.]146:8443

March 9, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 116[.]205[.]129[.]254:5555

March 9, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – djvu – 7cd226630786c2dde981731544463b23

March 9, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealerMD5: 7cd226630786c2dde981731544463b23SHA1: fbb8cb23aa804fda321bc9079cdcaf0d61095b96ANALYSIS DATE: 2023-03-09T10:34:30ZTTPS: T1005, T1081, T1222, T1082, T1053,...

Malware Analysis – persistence – afa9d7c88c28e9b8cca140413cfb32e4

March 9, 2023

Score: 10 MALWARE FAMILY: persistenceTAGS:persistence, ransomware, spyware, stealerMD5: afa9d7c88c28e9b8cca140413cfb32e4SHA1: 6936af81c974d6c9e2e6eaedd4026a37135369bcANALYSIS DATE: 2023-03-09T10:50:58ZTTPS: T1491, T1112, T1082, T1060, T1005, T1081 ScoreMeaningExample10Known badA...

Malware Analysis – amadey – b89600a981edebb261b4076e2b05b528

March 9, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:smokeloader, family:vidar, backdoor, discovery, evasion, persistence, ransomware, stealer, trojanMD5: b89600a981edebb261b4076e2b05b528SHA1: 7dfb72a1401e3f230b43414cff60c43f3c927ce5ANALYSIS DATE: 2023-03-09T10:53:22ZTTPS: T1222,...

Malware Analysis – djvu – 185b3efe7ae7908a5d7767832f79fc20

March 9, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealerMD5: 185b3efe7ae7908a5d7767832f79fc20SHA1: 0eda0497474c4cf23809be14dd46f06c2f4f102dANALYSIS DATE: 2023-03-09T10:42:24ZTTPS: T1012, T1082, T1005, T1081, T1060,...

Cobalt Stike Beacon Detected – 52[.]128[.]237[.]35:443

March 9, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 210[.]29[.]38[.]52:80

March 9, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 54[.]147[.]79[.]98:443

March 9, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 43[.]142[.]117[.]98:8443

March 9, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access

March 9, 2023

Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable...

New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic

March 9, 2023

The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out...

LockBit 3.0 Ransomware Victim: audio-technica[.]com

March 9, 2023

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

Malware Analysis – djvu – 83af4ef0e9a8439d9886543c64fa856d

March 9, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealerMD5: 83af4ef0e9a8439d9886543c64fa856dSHA1: f2258f79081cb4d2383eae195c8603c0cc889f34ANALYSIS DATE: 2023-03-09T03:48:36ZTTPS: T1005, T1081, T1012, T1082, T1222,...

Malware Analysis – blackmatter – e3269531cf93d040b08074bfb31b72a0

March 9, 2023

Score: 10 MALWARE FAMILY: blackmatterTAGS:family:blackmatter, ransomware, upxMD5: e3269531cf93d040b08074bfb31b72a0SHA1: 45b6d89dcea02cc90ae054d72ec80a2eb1036a7eANALYSIS DATE: 2023-03-09T04:43:37ZTTPS: T1130, T1112, T1491 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – amadey – 5bfc171751f4b4377118a9c73702fc5e

March 9, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:smokeloader, family:vidar, backdoor, discovery, evasion, persistence, ransomware, spyware, stealer, trojanMD5: 5bfc171751f4b4377118a9c73702fc5eSHA1: fe966b6589a850a20e9ae44dea26d7a6ba007732ANALYSIS DATE: 2023-03-09T03:32:31ZTTPS:...

Malware Analysis – djvu – db14d145295e8383cbc437402767c355

March 9, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealerMD5: db14d145295e8383cbc437402767c355SHA1: 53f83db1fc44f62bdfcc4eb4f41aec716ffae554ANALYSIS DATE: 2023-03-09T03:54:27ZTTPS: T1005, T1081, T1012, T1222, T1082,...

Malware Analysis – evasion – 0f0da68ff311ce4a8f51a52678d6fdd8

March 9, 2023

Score: 10 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 0f0da68ff311ce4a8f51a52678d6fdd8SHA1: eb90356abbeea6f00551afcb25a613b91c3da516ANALYSIS DATE: 2023-03-09T04:54:03ZTTPS: T1059, T1107, T1490, T1012, T1120, T1082, T1112 ScoreMeaningExample10Known badA malware...

Malware Analysis – evasion – 991a487e6e1d4e1eb45684c65b2a82d3

March 9, 2023

Score: 10 MALWARE FAMILY: evasionTAGS:evasion, ransomware, trojanMD5: 991a487e6e1d4e1eb45684c65b2a82d3SHA1: b5e31fd6125709b27726d5d3d21d9beb46c6eba6ANALYSIS DATE: 2023-03-09T04:48:03ZTTPS: T1107, T1490, T1112, T1082, T1088, T1089, T1053 ScoreMeaningExample10Known badA...

Malware Analysis – djvu – 96cf6e0b838ee7ecfd36be7d34aa5a83

March 9, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealerMD5: 96cf6e0b838ee7ecfd36be7d34aa5a83SHA1: 8a6402d9779089906712f470aac462b3d2fd4a3aANALYSIS DATE: 2023-03-09T05:49:40ZTTPS: T1060, T1112, T1082, T1053, T1005,...

Malware Analysis – amadey – 42e4c58d60abe9258d6d61c2c5f12c59

March 9, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:pseudomanuscrypt, family:smokeloader, family:vidar, backdoor, discovery, evasion, loader, persistence, ransomware, stealer, trojanMD5: 42e4c58d60abe9258d6d61c2c5f12c59SHA1: d27529007bd24a29b2e5180c022d9adf000b5080ANALYSIS DATE:...

Malware Analysis – smokeloader – c4e426738efd206ac083c08f1273053a

March 9, 2023

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: c4e426738efd206ac083c08f1273053aSHA1: 1595aba27a57fd0155e190e03ba98b2081bf416aANALYSIS DATE: 2023-03-08T21:06:04ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – – 59c1dfcf5cc3b76c961fe08f163dbb02

March 9, 2023

Score: 1 MALWARE FAMILY: TAGS:MD5: 59c1dfcf5cc3b76c961fe08f163dbb02SHA1: 12d002783acc1fe8573abf8f07e7fc79d2769f27ANALYSIS DATE: 2023-03-08T22:25:43ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...

Month: March 2023

Cobalt Stike Beacon Detected – 159[.]65[.]198[.]205:443

Cobalt Stike Beacon Detected – 157[.]245[.]153[.]146:8443

Cobalt Stike Beacon Detected – 116[.]205[.]129[.]254:5555

Malware Analysis – djvu – 7cd226630786c2dde981731544463b23

Malware Analysis – persistence – afa9d7c88c28e9b8cca140413cfb32e4

Malware Analysis – amadey – b89600a981edebb261b4076e2b05b528

Malware Analysis – djvu – 185b3efe7ae7908a5d7767832f79fc20

Cobalt Stike Beacon Detected – 52[.]128[.]237[.]35:443

Cobalt Stike Beacon Detected – 210[.]29[.]38[.]52:80

Cobalt Stike Beacon Detected – 54[.]147[.]79[.]98:443

Cobalt Stike Beacon Detected – 43[.]142[.]117[.]98:8443

New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access

New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic

LockBit 3.0 Ransomware Victim: audio-technica[.]com

Malware Analysis – djvu – 83af4ef0e9a8439d9886543c64fa856d

Malware Analysis – blackmatter – e3269531cf93d040b08074bfb31b72a0

Malware Analysis – amadey – 5bfc171751f4b4377118a9c73702fc5e

Malware Analysis – djvu – db14d145295e8383cbc437402767c355

Malware Analysis – evasion – 0f0da68ff311ce4a8f51a52678d6fdd8

Malware Analysis – evasion – 991a487e6e1d4e1eb45684c65b2a82d3

Malware Analysis – djvu – 96cf6e0b838ee7ecfd36be7d34aa5a83

Malware Analysis – amadey – 42e4c58d60abe9258d6d61c2c5f12c59

Malware Analysis – smokeloader – c4e426738efd206ac083c08f1273053a

Malware Analysis – – 59c1dfcf5cc3b76c961fe08f163dbb02

[INCRANSOM] – Ransomware Victim: Hadwins Volkswagen

[LYNX] – Ransomware Victim: Hypertype

[INCRANSOM] – Ransomware Victim: Nicholsons Solicitors

[RAWORLD] – Ransomware Victim: Co****nt

[KILLSEC] – Ransomware Victim: inv[[.][.][.]]nator

You may have missed