Detecting data theft with Wazuh, the open-source XDR
Data theft is the act of stealing data stored in business databases, endpoints, and servers. The stolen data can include...
VMware Releases Security Update for Aria Operations for Logs VMware has released a security update to address multiple vulnerabilities in...
Abuse of the Service Location Protocol May Lead to DoS Attacks The Service Location Protocol (SLP, RFC 2608)...
CISA Releases Two Industrial Control Systems Advisories CISA released two Industrial Control Systems (ICS) advisories on April 25, 2023. These...
CISA Releases One Industrial Control Systems Medical Advisory CISA released one Industrial Control Systems Medical (ICS) medical advisory on April...
CISA Adds Three Known Exploited Vulnerabilities to Catalog CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog,...
CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans The Federal Communications Commission (FCC) maintains a Covered...
CISA Releases One Industrial Control Systems Advisory CISA released one Industrial Control Systems (ICS) advisory on May 4, 2023. This advisory...
CISA Releases One Industrial Control Systems Advisory CISA released one Industrial Control Systems (ICS) advisory on May 2, 2023. These...
CISA Adds Three Known Exploited Vulnerabilities to Catalog CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
CISA Requests for Comment on Secure Software Self-Attestation Form CISA has issued requests for comment on the Secure Software Self-Attestation...
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
About Nimbo-C2 is yet another (simple and lightweight) C2 framework. Nimbo-C2 agent supports x64 Windows & Linux. It's written in...
Score: 10 | MALWARE FAMILY: amadey | TAGS: family:amadey, family:djvu, family:smokeloader, botnet:pub1, botnet:sprg, backdoor, discovery, ransomware, trojan | MD5: 32b3fe74b988b12fcb484850f17d1721 | SHA1: f6d21919f699f4a903ccc382bbce215642aa1db4 | ANALYSIS DATE: 2023-05-08T15:30:14Z | TTPS: T1012, T1222, T1053,...
Score: 10 | MALWARE FAMILY: djvu | TAGS: family:djvu, family:vidar, botnet:31c7719b5ee962fbde376b75e771360d, discovery, persistence, ransomware, spyware, stealer | MD5: 941dc581a841ce8fc209aab1345fabba | SHA1: 6473ef23e5f87d642fdb249d2ce01993a5aa30ed | ANALYSIS DATE: 2023-05-08T15:22:13Z | TTPS: T1082, T1053, T1005, T1081,...
Score: 10 | MALWARE FAMILY: amadey | TAGS: family:amadey, family:djvu, family:smokeloader, botnet:pub1, botnet:sprg, backdoor, discovery, ransomware, trojan | MD5: 727b9c1facb2764ed3b69f34078ec711 | SHA1: 965c066af34f939ac544fdf702b6609979f9d79d | ANALYSIS DATE: 2023-05-08T15:09:16Z | TTPS: T1053, T1012, T1120,...
Score: 10 | MALWARE FAMILY: djvu | TAGS: family:djvu, family:vidar, botnet:31c7719b5ee962fbde376b75e771360d, discovery, persistence, ransomware, spyware, stealer | MD5: 3f96efacd3ab4a4b6ecba23fa0b99390 | SHA1: c73f24a0f81267cac9045dd93d8e0805f6026c35 | ANALYSIS DATE: 2023-05-08T14:58:54Z | TTPS: T1012, T1082, T1005, T1081,...
The stealth with which ransomware operations run today is highly intimidating to businesses. Researchers have stumbled across a couple of...
Score: 10 | MALWARE FAMILY: djvu | TAGS: family:djvu, family:vidar, botnet:31c7719b5ee962fbde376b75e771360d, discovery, persistence, ransomware, spyware, stealer | MD5: bf3a2484532f79b9a300bda711005470 | SHA1: 29e99330b4d07f80ff48a7d7c2c265262b8f1713 | ANALYSIS DATE: 2023-05-08T16:08:47Z | TTPS: T1005, T1081, T1012, T1082,...