Vice Society Ransomware Victim: Guildford County School
Vice Society Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Year: 2023
Cobalt Stike Beacon Detected – 51[.]254[.]53[.]1:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 81[.]68[.]173[.]143:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 104[.]208[.]73[.]11:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 45[.]61[.]186[.]121:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – smokeloader – 5b82951e130e62cdd1ffe83c173c5577
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 5b82951e130e62cdd1ffe83c173c5577SHA1: ea6d9f216a48d4d11ebb9026d225ba3a48cda3eeANALYSIS DATE: 2023-02-01T09:33:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – djvu – a237e7d2a7113dc1ed04f60cccbf77e6
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: a237e7d2a7113dc1ed04f60cccbf77e6SHA1: 4e629739c773855aa15d702ea789809598844827ANALYSIS DATE: 2023-02-01T10:08:17ZTTPS: T1082, T1005, T1081, T1012,...
Malware Analysis – djvu – 35b59455f922242f7eb712b8a59d09e3
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, family:vidar, botnet:19, backdoor, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: 35b59455f922242f7eb712b8a59d09e3SHA1: 56e0003a00e6f0d2f61a9624e5b21f517bae6c4dANALYSIS DATE: 2023-02-01T10:40:04ZTTPS:...
Malware Analysis – djvu – d9f343ef3d19bcb2d9cf34a026475f6f
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, family:vidar, botnet:19, backdoor, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: d9f343ef3d19bcb2d9cf34a026475f6fSHA1: d40edeccf97e8c623be22e282418c507a2d202c5ANALYSIS DATE: 2023-02-01T11:39:00ZTTPS:...
Malware Analysis – djvu – 87fdb817f23819d66aa76611694525cf
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 87fdb817f23819d66aa76611694525cfSHA1: 4b4d231ba899be8a4973a96fe86cd34bd79dd05fANALYSIS DATE: 2023-02-01T10:35:26ZTTPS: T1005, T1081, T1222, T1082,...
Malware Analysis – discovery – 6ba5c46261ff52e7438f21ccef5f8c7e
Score: 8 MALWARE FAMILY: discoveryTAGS:discovery, exploitMD5: 6ba5c46261ff52e7438f21ccef5f8c7eSHA1: acdf309fbfebecb7a93b78068fc1498fae4d9e62ANALYSIS DATE: 2023-02-01T11:38:44ZTTPS: T1222, T1158 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...
BaiCells Nova 227, Nova 233, Nova 243, and Nova 246 LTE TDD eNodeB devices code execution | CVE-2023-24508
NAME__________BaiCells Nova 227, Nova 233, Nova 243, and Nova 246 LTE TDD eNodeB devices code executionPlatforms Affected:BaiCells Nova 246 RTS/RTD...
Apache Linkis code execution | CVE-2022-44645
NAME__________Apache Linkis code executionPlatforms Affected:Apache Linkis 1.3.0Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Apache Linkis could allow a remote authenticated attacker to execute arbitrary...
FreshTomato command execution | CVE-2022-42484
NAME__________FreshTomato command executionPlatforms Affected:FreshTomato FreshTomato 2022.5Risk Level:9.1Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________FreshTomato could allow a remote authenticated attacker to execute arbitrary commands on...
ChangingTech MegaServiSignAdapter code execution | CVE-2022-39060
NAME__________ChangingTech MegaServiSignAdapter code executionPlatforms Affected:ChangingTech MegaServiSignAdapter 1.0.17.0823Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________ChangingTech MegaServiSignAdapter could allow a remote attacker to execute arbitrary code...
ContentStudio Plugin for WordPress security bypass | CVE-2023-0558
NAME__________ContentStudio Plugin for WordPress security bypassPlatforms Affected:WordPress ContentStudio Plugin for WordPress 1.2.5Risk Level:8.2Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________ContentStudio Plugin for WordPress could allow...
Apache Portable Runtime (APR) integer overflow | CVE-2022-25147
NAME__________Apache Portable Runtime (APR) integer overflowPlatforms Affected:Apache Portable Runtime 1.6.1Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Apache Portable Runtime (APR) could allow a remote...
Apache Portable Runtime (APR) integer overflow | CVE-2022-24963
NAME__________Apache Portable Runtime (APR) integer overflowPlatforms Affected:Apache Portable Runtime 1.7.0Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Apache Portable Runtime (APR) could allow a remote...
EFence SQL injection | CVE-2023-22900
NAME__________EFence SQL injectionPlatforms Affected:Risk Level:9.8Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________EFence is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements...
Apache Portable Runtime (APR) integer overflow | CVE-2022-28331
NAME__________Apache Portable Runtime (APR) integer overflowPlatforms Affected:Apache Portable Runtime 1.7.0Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Apache Portable Runtime (APR) could allow a remote...
femanager extension for TYPO3 security bypass |
NAME__________femanager extension for TYPO3 security bypassPlatforms Affected:TYPO3 Femanager extension TYPO3 6.3.0 TYPO3 femanager extension for TYPO3 6.0.0 TYPO3 femanager extension...
Daily Vulnerability Trends: Wed Feb 01 2023
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2022-47966Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow...
BlackCat/ALPHV Ransomware Victim: Vision Technologies
BlackCat / ALPHV Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
Malware Analysis – evasion – a809cc37ab51220d8f957f9f67d57e09
Score: 8 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: a809cc37ab51220d8f957f9f67d57e09SHA1: bea4d2fb6764d041f89f78b5eadc2a5cd2dcfd59ANALYSIS DATE: 2023-02-01T02:45:25ZTTPS: T1012, T1120, T1082, T1112, T1491 ScoreMeaningExample10Known badA malware family was...
