Winnti APT group docks in Sri Lanka for new campaign
In early August, the Malwarebytes Threat Intelligence team identified a new attack targeting government entities in Sri Lanka. The threat...
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their...
The information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Score: 7 | Malware family: evasion | Tags: evasion, ransomware | MD5: 4f774b19f651b067f18d07509c0c938d | SHA1: 4fc969b01a148d8fcc9d18349f84840ae4b2d69b | Analysis date: 2023-01-13T20:58:46Z | TTPs: (none listed)
Score legend (Score / Meaning / Example): 10 = Known bad (a malware family was detected); 8-9 = Likely malicious (one or more known...)
Score: 7 | Malware family: (none) | Tags: (none) | MD5: 3b01de02b4a717539c44af9b388cf730 | SHA1: e835e5bda10c4af40b07bdc8e0be8ba31d09a1ca | Analysis date: 2023-01-13T22:05:02Z | TTPs: T1082
Score: 10 | Malware family: djvu | Tags: family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealer | MD5: 3dcf9fdd2fd95e1d56d8a5dc010130d6 | SHA1: 698761ced0b29ce6c67734368731ab8281124727 | Analysis date: 2023-01-13T23:53:00Z | TTPs: T1222, T1012, T1082, T1005, ...
Score: 10 | Malware family: djvu | Tags: family:djvu, family:smokeloader, family:vidar, botnet:19, backdoor, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotect | MD5: a3b16d93ce7b3facd97125fb30337366 | SHA1: 67ef3d916b09d6efe05584e76dade7b9a0764a09 | Analysis date: 2023-01-13T22:41:28Z | TTPs: ...
Score: 10 | Malware family: djvu | Tags: family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealer | MD5: 0563eaa2a29f70a215875bd221d578f1 | SHA1: 26aa7dfb6c3d060e85669a3aaf6c423940312481 | Analysis date: 2023-01-13T22:17:18Z | TTPs: T1060, T1112, T1012, T1082, ...
Score: 10 | Malware family: djvu | Tags: family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealer | MD5: 02aa7141b84264a4f3e6479d2205d4d2 | SHA1: 10ed25dd9b39608e9b8d856fec7498e7f2c84360 | Analysis date: 2023-01-13T15:45:17Z | TTPs: T1005, T1081, T1012, T1082, ...
Score: 10 | Malware family: vidar | Tags: family:vidar, botnet:1375, discovery, persistence, ransomware, stealer | MD5: 1272913903f006257782576e54bc42f1 | SHA1: 2f0de1263f81ed61aed30911322ef0d8afeac200 | Analysis date: 2023-01-13T15:22:43Z | TTPs: T1012, T1082, T1112, T1042, T1060
Score: 10 | Malware family: discovery | Tags: discovery, evasion, persistence, ransomware | MD5: d60f20003600b70defb72215417aadee | SHA1: b89035349ad4894e1837b81e3e826ca4572f4f88 | Analysis date: 2023-01-13T15:37:51Z | TTPs: T1012, T1497, T1060, T1112, T1120, T1082, T1130
Programme: HackerOne / Nextcloud | Submitted by: systemkeeper | Report: Reference caching can leak data to unauthorized users | Full report: A...
Programme: HackerOne / GitHub | Submitted by: vaib25vicky | Report: Github app Privilege Escalation to Administrator/Owner of the Organization | Full report: ...
Score: 10 | Malware family: wannacry | Tags: family:wannacry, persistence, ransomware, spyware, stealer, worm | MD5: 6943bb5d7fa5f8893385354002e68b2c | SHA1: 5ed52e3e97d2114a96f392aaaa37c208747faebf | Analysis date: 2023-01-13T16:09:05Z | TTPs: T1082, T1012, T1005, T1081, T1060, T1112, ...
Score: 10 | Malware family: djvu | Tags: family:djvu, family:smokeloader, family:vidar, botnet:19, backdoor, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotect | MD5: 3135f5ea657071a0408c14ae45b950ae | SHA1: aecdf7ed7cd490fce083ee0b967f2dd60aa7b891 | Analysis date: 2023-01-13T16:03:31Z | TTPs: ...
Score: 6 | Malware family: evasion | Tags: evasion, ransomware | MD5: 73c608165fc99f8ef3ff46f00fbbc6e1 | SHA1: 3e234aa1df5858fc283aaa82df18aecf07a9b80c | Analysis date: 2023-01-13T15:49:24Z | TTPs: (none listed)
Score: 10 | Malware family: djvu | Tags: family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealer | MD5: 2cc9c4905636d184f5256a2ac37e483b | SHA1: 3990069a21db98cbd1c33a66cb68a184c51da357 | Analysis date: 2023-01-13T15:54:19Z | TTPs: T1005, T1081, T1012, T1082, ...
Score: 8 | Malware family: ransomware | Tags: ransomware | MD5: f400444ce55b318596cd2772d3578b7e | SHA1: b6d2bfb420f7f3fcf588db1992c0d74cf7ce9e94 | Analysis date: 2023-01-13T16:59:59Z | TTPs: T1082, T1012
Score: 10 | Malware family: djvu | Tags: family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealer | MD5: 789f2ca0649dbf650af10391d3618a99 | SHA1: ceab7bb533ad3a803319d69cba21f6a4a489a22f | Analysis date: 2023-01-13T16:30:50Z | TTPs: T1005, T1081, T1012, T1082, ...