New SLP bug can lead to massive 2,200x DDoS amplification attacks
A new reflective Denial-of-Service (DoS) amplification vulnerability in the Service Location Protocol (SLP) allows threat actors to launch massive denial-of-service...
VMware has released security updates to address zero-day vulnerabilities that could be chained to gain code execution on systems running unpatched...
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
The Information provided at the time of posting was detected as "Posh C2". Depending on when you are viewing this...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems (ICS) advisory on April 20, 2023. These...
CISA to Continue and Enhance U.K.’s Logging Made Easy Tool
CISA has announced plans to continue and enhance the Logging...
Oracle Releases Security Updates
Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for...
Cisco Releases Security Advisories for Multiple Products
Cisco has released security updates for vulnerabilities affecting Industrial Network Director (IND), Modeling...
Drupal Releases Security Advisory to Address Vulnerability in Drupal Core
Drupal has released a security advisory to address an access...
Abuse of the Service Location Protocol May Lead to DoS Attacks
The Service Location Protocol (SLP, RFC 2608)...
CISA Releases Two SBOM Documents
Today, CISA released two community-drafted documents around Software Bill of Materials (SBOM): Types of SBOM...
VMware Releases Security Update for Aria Operations for Logs
VMware has released a security update to address multiple vulnerabilities in...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog,...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on April 25, 2023. These...
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
CIS Benchmark testing of Windows SIEM configuration
This is an application for testing the configuration of Windows Audit Policy settings...
RoyalRansomware
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the...