Year: 2023

Cobalt Stike Beacon Detected – 88[.]218[.]193[.]100:443

January 4, 2023

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – nitro – a0c0192c30c048044421d25c23501582

January 4, 2023

Score: 10 MALWARE FAMILY: nitroTAGS:family:nitro, persistence, ransomware, spyware, stealerMD5: a0c0192c30c048044421d25c23501582SHA1: d6080d25a6439238d0a8e90e6bbfc229680ecf3bANALYSIS DATE: 2023-01-04T10:05:23ZTTPS: T1005, T1081, T1491, T1112, T1102, T1060, T1012,...

Malware Analysis – amadey – 6c5d5e80bab3b17f1b6faa5273e0b224

January 4, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:smokeloader, family:vidar, botnet:19, backdoor, collection, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: 6c5d5e80bab3b17f1b6faa5273e0b224SHA1: e486b2da9876bd1205a6efd8098dd30b59a6454dANALYSIS...

Malware Analysis – smokeloader – 88fc55ed1a5295684fc77c36024060cf

January 4, 2023

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 88fc55ed1a5295684fc77c36024060cfSHA1: 3c09ac4a25c92f1f3a4052ee1e97659b39672925ANALYSIS DATE: 2023-01-04T11:26:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – ransomware – 0e2f34900a7e0324b91ca191fd043e74

January 4, 2023

Score: 5 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 0e2f34900a7e0324b91ca191fd043e74SHA1: 8d34aca2b2ca50d3816b161493ec7440f2cbdbc0ANALYSIS DATE: 2023-01-04T10:53:29ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...

Malware Analysis – djvu – a4b4e507ef0dc6c624c17badb10d29c9

January 4, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: a4b4e507ef0dc6c624c17badb10d29c9SHA1: d376a5af805dd6654af35f42f71a3303ff1905f6ANALYSIS DATE: 2023-01-04T10:20:49ZTTPS: T1082, T1012, T1053, T1222,...

Qualcomm BIOS buffer overflow | CVE-2022-40517

January 4, 2023

NAME Qualcomm BIOS buffer overflow Platforms Affected:Qualcomm BIOSRisk Level:8.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Qualcomm BIOS is vulnerable to a stack-based buffer overflow,...

memos security bypass | CVE-2022-4863

January 4, 2023

NAME memos security bypass Platforms Affected:memos memos 0.9.0Risk Level:8.4Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION memos could allow a local attacker to bypass security...

Synology VPN Plus Server command execution | CVE-2022-43931

January 4, 2023

NAME Synology VPN Plus Server command execution Platforms Affected:Synology VPN Plus Server for SRM 1.2 Synology VPN Plus Server for...

Esri Portal for ArcGIS directory traversal | CVE-2022-38205

January 4, 2023

NAME Esri Portal for ArcGIS directory traversal Platforms Affected:Esri Portal for ArcGIS 10.9.1Risk Level:8.6Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION Esri Portal for ArcGIS...

Apache Kylin command execution | CVE-2022-43396

January 4, 2023

NAME Apache Kylin command execution Platforms Affected:Apache Kylin 3.0.0 Apache Kylin 2.0.0 Apache Kylin 4.0.0Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Apache Kylin...

memos cross-site request forgery | CVE-2022-4847

January 4, 2023

NAME memos cross-site request forgery Platforms Affected:Risk Level:8.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION memos is vulnerable to cross-site request forgery, caused...

Apache Kylin command execution | CVE-2022-44621

January 4, 2023

Froxlor security bypass | CVE-2022-4868

January 4, 2023

NAME Froxlor security bypass Platforms Affected:Froxlor Froxlor 0.10.38.3Risk Level:8.1Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION Froxlor could allow a remote authenticated attacker to bypass...

memos cross-site request forgery | CVE-2022-4848

January 4, 2023

NAME memos cross-site request forgery Platforms Affected:Risk Level:8.6Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION memos is vulnerable to cross-site request forgery, caused...

Qualcomm BIOS buffer overflow | CVE-2022-40516

January 4, 2023

Qualcomm BIOS buffer overflow | CVE-2022-40520

January 4, 2023

Daily Vulnerability Trends: Wed Jan 04 2023

January 4, 2023

Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2022-41040Microsoft Exchange Server Elevation of Privilege Vulnerability.CVE-2022-29455DOM-based Reflected Cross-Site Scripting (XSS) vulnerability...

Malware Analysis – djvu – 4d50334081024a62178c18193ad7640a

January 4, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 4d50334081024a62178c18193ad7640aSHA1: 89f06b69f0acf9f1e625c5097b82b74c20030c8bANALYSIS DATE: 2023-01-04T03:04:12ZTTPS: T1005, T1081, T1012, T1082,...

Malware Analysis – smokeloader – a83bee74074204ce9dd5e9780187aa0f

January 4, 2023

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: a83bee74074204ce9dd5e9780187aa0fSHA1: f80dca4216a824bdaea42ea1ce115ac8f66c05dbANALYSIS DATE: 2023-01-04T03:11:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – ransomware – 4b95b42cac7a11602b26caa41574d764

January 4, 2023

Score: 8 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: 4b95b42cac7a11602b26caa41574d764SHA1: f64b7f29ecf8516d9d55bca8443f33d041b2b16aANALYSIS DATE: 2023-01-04T03:28:40ZTTPS: T1005, T1081 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...

Malware Analysis – evasion – cebed8210feb0d37479d62199049e0ba

January 4, 2023

Score: 7 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: cebed8210feb0d37479d62199049e0baSHA1: eec586742f917b65c73d2f99c11dd65072c4f298ANALYSIS DATE: 2023-01-04T03:41:58ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – meow – 80637ef09441d910ae7bdda488eb9989

January 4, 2023

Score: 10 MALWARE FAMILY: meowTAGS:family:meow, ransomware, spyware, stealerMD5: 80637ef09441d910ae7bdda488eb9989SHA1: 638e3ca8c66e218a3bdc666d52c2a91a116b60d7ANALYSIS DATE: 2023-01-04T03:36:27ZTTPS: T1005, T1081 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – amadey – 03a2ae7e3d0fabcf4858e10a822d9a99

January 4, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:dcrat, family:djvu, family:smokeloader, family:vidar, botnet:19, backdoor, collection, discovery, infostealer, persistence, ransomware, rat, spyware, stealer, trojan,...

Year: 2023

Cobalt Stike Beacon Detected – 88[.]218[.]193[.]100:443

Malware Analysis – nitro – a0c0192c30c048044421d25c23501582

Malware Analysis – amadey – 6c5d5e80bab3b17f1b6faa5273e0b224

Malware Analysis – smokeloader – 88fc55ed1a5295684fc77c36024060cf

Malware Analysis – ransomware – 0e2f34900a7e0324b91ca191fd043e74

Malware Analysis – djvu – a4b4e507ef0dc6c624c17badb10d29c9

Qualcomm BIOS buffer overflow | CVE-2022-40517

memos security bypass | CVE-2022-4863

Synology VPN Plus Server command execution | CVE-2022-43931

Esri Portal for ArcGIS directory traversal | CVE-2022-38205

Apache Kylin command execution | CVE-2022-43396

memos cross-site request forgery | CVE-2022-4847

Apache Kylin command execution | CVE-2022-44621

Froxlor security bypass | CVE-2022-4868

memos cross-site request forgery | CVE-2022-4848

Qualcomm BIOS buffer overflow | CVE-2022-40516

Qualcomm BIOS buffer overflow | CVE-2022-40520

Daily Vulnerability Trends: Wed Jan 04 2023

Malware Analysis – djvu – 4d50334081024a62178c18193ad7640a

Malware Analysis – smokeloader – a83bee74074204ce9dd5e9780187aa0f

Malware Analysis – ransomware – 4b95b42cac7a11602b26caa41574d764

Malware Analysis – evasion – cebed8210feb0d37479d62199049e0ba

Malware Analysis – meow – 80637ef09441d910ae7bdda488eb9989

Malware Analysis – amadey – 03a2ae7e3d0fabcf4858e10a822d9a99

[EMBARGO] – Ransomware Victim: alansarioman[.]com

[AKIRA] – Ransomware Victim: E-Tank (Part 2)

[FUNKSEC] – Ransomware Victim: gags[.]gov[.]eg

[FUNKSEC] – Ransomware Victim: mindev[.]gov[.]gr

[AKIRA] – Ransomware Victim: E-Tank (Part 1)

You may have missed