LockBit 3.0 Ransomware Victim: eurosupport[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Month: July 2023
DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors
The threat actors behind the DDoSia attack tool have come up with a new version that incorporates a new mechanism...
Swedish Data Protection Authority Warns Companies Against Google Analytics Use
The Swedish data protection watchdog has warned companies against using Google Analytics due to risks posed by U.S. government surveillance,...
Mexico-Based Hacker Targets Global Banks with Android Malware
An e-crime actor of Mexican provenance has been linked to an Android mobile malware campaign targeting financial institutions globally, but...
Alert: 330,000 FortiGate Firewalls Still Unpatched to CVE-2023-27997 RCE Flaw
No less than 330,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical security flaw affecting Fortinet devices...
Malware Analysis – evasion – cd9772b99eaa36291b8568582a6c068b
Score: 9 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: cd9772b99eaa36291b8568582a6c068bSHA1: e20af237fb688484edbc237c102a79c0e7c8c7c7ANALYSIS DATE: 2023-07-04T15:09:29ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...
Malware Analysis – persistence – f197e2ade3bf47b6a7ff836c1e7987d3
Score: 8 MALWARE FAMILY: persistenceTAGS:persistence, ransomwareMD5: f197e2ade3bf47b6a7ff836c1e7987d3SHA1: 0c229bfce0057396ed162988a269175775dc2295ANALYSIS DATE: 2023-07-04T17:56:27ZTTPS: T1491, T1112, T1060 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...
Malware Analysis – smokeloader – f2a67f87ec8bddd18aae50dd235a5da1
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: f2a67f87ec8bddd18aae50dd235a5da1SHA1: f91b677f3f8e9c9169039d45cdde6a98d27b8a34ANALYSIS DATE: 2023-07-04T17:34:05ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – djvu – ca1a0dd10f4376823f81798a4a338be2
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:dcad9d884915bbb6106f78e5e2ea6168, discovery, persistence, ransomware, spyware, stealerMD5: ca1a0dd10f4376823f81798a4a338be2SHA1: d53498d723618519e928701cb8f0259e3a961504ANALYSIS DATE: 2023-07-04T17:53:28ZTTPS: T1005, T1081, T1130, T1112,...
Malware Analysis – evasion – da3628b2a375448ed4b7410bf1b0c74e
Score: 9 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: da3628b2a375448ed4b7410bf1b0c74eSHA1: e33e4bb6558b0e256630ee8c1d4c6aca14333e4aANALYSIS DATE: 2023-07-04T15:31:00ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...
Akira Ransomware Victim: 4LEAF, Inc
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
LockBit 3.0 Ransomware Victim: snjb[.]net
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: oneexchangecorp[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: snjb[.]net
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Gira KNX/IP-Router directory traversal | CVE-2023-33277
NAME__________Gira KNX/IP-Router directory traversalPlatforms Affected:Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 Gira Giersiepen Gira KNX/IP-Router 3.3.8.0Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Gira KNX/IP-Router could allow...
Sophos Web Appliance cross-site scripting | CVE-2023-33336
NAME__________Sophos Web Appliance cross-site scriptingPlatforms Affected:Sophos Web Appliance 4.3.9.1 Sophos Web Appliance 4.1.1-0.9Risk Level:6.1Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Sophos Web Appliance is vulnerable...
Gradle directory traversal | CVE-2023-35946
NAME__________Gradle directory traversalPlatforms Affected:Gradle Gradle 7.6.1 Gradle Gradle 8.0 Gradle Gradle 8.1.1Risk Level:6.9Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Gradle could allow a remote attacker...
IBM i command execution | CVE-2023-30990
NAME__________IBM i command executionPlatforms Affected:IBM i 7.2 IBM i 7.3 IBM i 7.4 IBM i 7.5Risk Level:5.6Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________IBM i...
py-pdf pypdf denial of service | CVE-2023-36807
NAME__________py-pdf pypdf denial of servicePlatforms Affected:py-pdf pypdf 2.10.5Risk Level:5.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________py-pdf pypdf is vulnerable to a denial of service,...
MISP information disclosure | CVE-2023-37306
NAME__________MISP information disclosurePlatforms Affected:MISP MISP 2.4.172Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________MISP could allow a remote attacker to obtain sensitive information, caused by...
Django EmailValidator and URLValidator denial of service | CVE-2023-36053
NAME__________Django EmailValidator and URLValidator denial of servicePlatforms Affected:Django Django 3.2 Django Django 4.1 Django Django 4.2Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Django...
Gradle directory traversal | CVE-2023-35947
NAME__________Gradle directory traversalPlatforms Affected:Gradle Gradle 7.6.1 Gradle Gradle 8.0 Gradle Gradle 8.1.1Risk Level:6.9Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Gradle could allow a remote attacker...
Karakurt Ransomware Victim: Jefferson County Health Center
KARAKURT RANSOMWARE NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of...
Malware Analysis – smokeloader – 9a6aca4f51392e1c36e2526daf901f84
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 9a6aca4f51392e1c36e2526daf901f84SHA1: 6e1f252146f42f338aec76c26cf7f0d39eec70fcANALYSIS DATE: 2023-07-03T15:46:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
