Cobalt Stike Beacon Detected – 123[.]60[.]165[.]221:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Year: 2023
Cobalt Stike Beacon Detected – 146[.]70[.]87[.]143:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 109[.]172[.]45[.]28:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 101[.]35[.]247[.]212:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 162[.]33[.]179[.]221:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 109[.]192[.]212[.]70:9001
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 106[.]75[.]227[.]134:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – amadey – fd178725fc7ebd4257d17a823158bec5
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:smokeloader, family:vidar, botnet:19, backdoor, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: fd178725fc7ebd4257d17a823158bec5SHA1: 81c0dcd1dc7a5936ace3c7036b00c499b54afd04ANALYSIS DATE:...
Malware Analysis – smokeloader – c9afe5085553d1b7b388cc818b7b5a09
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: c9afe5085553d1b7b388cc818b7b5a09SHA1: 425e3328364a93e49a8036bf3413134146e7e5a0ANALYSIS DATE: 2023-02-02T11:05:38ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – djvu – 7d0e275d70fd5a61b05f4280fdd787f5
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 7d0e275d70fd5a61b05f4280fdd787f5SHA1: f7751017be5c626cfb3b48729e2a60ad4cf31fa2ANALYSIS DATE: 2023-02-02T11:53:59ZTTPS: T1053, T1005, T1081, T1012,...
Malware Analysis – djvu – f37020074e448e23dc8752c70329907d
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: f37020074e448e23dc8752c70329907dSHA1: 6b6e63ed1f66e9fd987419c249b473b212170eb0ANALYSIS DATE: 2023-02-02T11:11:35ZTTPS: T1060, T1112, T1053, T1005,...
Malware Analysis – amadey – b0d836844b04e4a6f4b5ca87cb6ce63e
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:smokeloader, family:vidar, botnet:19, backdoor, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: b0d836844b04e4a6f4b5ca87cb6ce63eSHA1: 8d98770e78655f835711c6ec4c824b51615a6182ANALYSIS DATE:...
Empire C2 Detected – 144[.]38[.]218[.]101:80
The Information provided at the time of posting was detected as "Empire C2". Depending on when you are viewing this...
Brute Ratel C4 Detected – 167[.]71[.]62[.]156:3200
The Information provided at the time of posting was detected as "Brute Ratel C4". Depending on when you are viewing...
LIVEBOX Collaboration vDesk privilege escalation | CVE-2022-45172
NAME__________LIVEBOX Collaboration vDesk privilege escalationPlatforms Affected:Risk Level:9.8Exploitability:UnprovenConsequences:Gain Privilege DESCRIPTION__________LIVEBOX Collaboration vDesk could allow a remote attacker to gain elevated privileges...
Ampache cross-site scripting | CVE-2023-0606
NAME__________Ampache cross-site scriptingPlatforms Affected:Risk Level:9.3Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Ampache is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A...
Tenable tenable.io, tenable.sc and Nessus privilege escalation | CVE-2023-0524
NAME__________Tenable tenable.io, tenable.sc and Nessus privilege escalationPlatforms Affected:Tenable Network Security Nessus Tenable Tenable.io Tenable Tenable.scRisk Level:9.1Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Tenable tenable.io, tenable.sc...
Serenissima Informatica FastCheckIn directory traversal | CVE-2022-47768
NAME__________Serenissima Informatica FastCheckIn directory traversalPlatforms Affected:Risk Level:9.8Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Serenissima Informatica FastCheckIn could allow a remote attacker to traverse directories on...
Trend Micro Apex One file upload | CVE-2023-0587
NAME__________Trend Micro Apex One file uploadPlatforms Affected:Risk Level:8.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Trend Micro Apex could allow a remote attacker to upload arbitrary...
Dompdf code execution | CVE-2023-23924
NAME__________Dompdf code executionPlatforms Affected:Risk Level:10Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Dompdf could allow a remote attacker to execute arbitrary code on the system, caused...
reason-jose security bypass | CVE-2023-23928
NAME__________reason-jose security bypassPlatforms Affected:Risk Level:9.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________reason-jose could allow a remote authenticated attacker to bypass security restrictions, caused by improper...
OrangeScrum directory traversal | CVE-2023-0454
NAME__________OrangeScrum directory traversalPlatforms Affected:Risk Level:8.1Exploitability:Proof of ConceptConsequences:Obtain Information DESCRIPTION__________OrangeScrum could allow a remote authenticated attacker to traverse directories on the...
LockBit 3.0 Ransomware Victim: iongroup[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Daily Vulnerability Trends: Thu Feb 02 2023
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2022-26485Removing an XSLT parameter during processing could have lead to an exploitable...
