threatintel

Cobalt Stike Beacon Detected – 13[.]231[.]199[.]195:80

November 15, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 13[.]231[.]199[.]195:443

November 15, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 39[.]108[.]248[.]6:443

November 15, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 192[.]144[.]200[.]160:443

November 15, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 34[.]81[.]97[.]209:8443

November 15, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 40[.]112[.]57[.]238:8080

November 15, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 81[.]68[.]85[.]250:443

November 15, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – azov – 2009a024db69830d3e2154199c547bed

November 15, 2022

Score: 10 MALWARE FAMILY: azovTAGS:family:azov, persistence, ransomware, spyware, stealer, wiperMD5: 2009a024db69830d3e2154199c547bedSHA1: 560e504a951149d8eb7a90c8d087ea45cd2fde40ANALYSIS DATE: 2022-11-15T09:11:38ZTTPS: T1012, T1120, T1082, T1060, T1112, T1005,...

Malware Analysis – djvu – 52740e55ccb3887f6910e879b4fe7147

November 15, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 52740e55ccb3887f6910e879b4fe7147SHA1: 2d7106663a0e247f988a8abcd1cc2f18af8235a5ANALYSIS DATE: 2022-11-15T09:02:27ZTTPS: T1005, T1081, T1053, T1082,...

Malware Analysis – evasion – 4b2e849543b0ecaec1885170a5ef5243

November 15, 2022

Score: 8 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 4b2e849543b0ecaec1885170a5ef5243SHA1: fc70407cbe422a8ee12be63a520d8638e382e9aaANALYSIS DATE: 2022-11-15T10:06:05ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – quasar – 5c15c3545fa841deb975d3c0d7fdbe1e

November 15, 2022

Score: 10 MALWARE FAMILY: quasarTAGS:family:quasar, botnet:venom client, agilenet, discovery, persistence, ransomware, spyware, stealer, trojanMD5: 5c15c3545fa841deb975d3c0d7fdbe1eSHA1: 4e3c5266247aa594671eba955c940268e95e5025ANALYSIS DATE: 2022-11-15T08:59:15ZTTPS: T1012, T1120,...

Black Basta Ransomware Victim: Kessing Rechtsanwälte und Fachanwälte in PartGmbB

November 15, 2022

Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

Malware Analysis – discovery – cff0e1b4af4ef5a2d4cb78ea5d403d58

November 15, 2022

Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, evasion, exploitMD5: cff0e1b4af4ef5a2d4cb78ea5d403d58SHA1: 5224506ce265475452aeddf540f5f9b996f84bd6ANALYSIS DATE: 2022-11-15T10:22:20ZTTPS: T1031, T1562, T1489, T1053, T1082, T1130, T1112, T1102, T1222...

Malware Analysis – amadey – 086e4feb401610ae41653bd6aa8027e6

November 15, 2022

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:dcrat, family:djvu, family:redline, family:smokeloader, family:vidar, botnet:517, botnet:mario23_10, backdoor, collection, discovery, infostealer, persistence, ransomware, rat, spyware,...

Malware Analysis – ransomware – 01492156ce8b4034c5b1027130f4cf4e

November 15, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 01492156ce8b4034c5b1027130f4cf4eSHA1: 6b0deb67a178fe20e81691133b257df3bafa3006ANALYSIS DATE: 2022-11-15T10:46:56ZTTPS: T1107, T1490 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...

Malware Analysis – djvu – 623ec8b8c74e4e45a2380c41b5bb8045

November 15, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 623ec8b8c74e4e45a2380c41b5bb8045SHA1: 47e9d882222e753be4ffe638b500c9ae7f74a48dANALYSIS DATE: 2022-11-15T10:27:58ZTTPS: T1053, T1005, T1081, T1012,...

Cobalt Stike Beacon Detected – 5[.]44[.]42[.]46:443

November 15, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 194[.]165[.]16[.]91:80

November 15, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 124[.]71[.]145[.]63:443

November 15, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 5[.]181[.]86[.]248:443

November 15, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – smokeloader – 30f5717c7d19ac946764014ae49b8670

November 15, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 30f5717c7d19ac946764014ae49b8670SHA1: f6ec0fa83c48e36ad5457610d0219af07ab8076cANALYSIS DATE: 2022-11-15T11:22:07ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – djvu – 8fc3fff3efe99267c5b2bfffff18d77c

November 15, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 8fc3fff3efe99267c5b2bfffff18d77cSHA1: c174206043042369386f0e44826b17ef23e761c7ANALYSIS DATE: 2022-11-15T11:07:33ZTTPS: T1012, T1082, T1005, T1081,...

Malware Analysis – djvu – 397ae229dec0f1c462965b2d01109259

November 15, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 397ae229dec0f1c462965b2d01109259SHA1: db5c33388009d4e32a41493f0d9c457caecd376cANALYSIS DATE: 2022-11-15T11:21:03ZTTPS: T1012, T1082, T1005, T1081,...

Malware Analysis – amadey – 497e58c722c33d1b5a4674e70a3f67a2

November 15, 2022

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:redline, family:smokeloader, family:vidar, botnet:517, botnet:@redlinevip cloud (tg: @fatherofcarders), botnet:boy, botnet:mario23_10, botnet:new1, botnet:rozena1114, backdoor, collection,...

threatintel

Cobalt Stike Beacon Detected – 13[.]231[.]199[.]195:80

Cobalt Stike Beacon Detected – 13[.]231[.]199[.]195:443

Cobalt Stike Beacon Detected – 39[.]108[.]248[.]6:443

Cobalt Stike Beacon Detected – 192[.]144[.]200[.]160:443

Cobalt Stike Beacon Detected – 34[.]81[.]97[.]209:8443

Cobalt Stike Beacon Detected – 40[.]112[.]57[.]238:8080

Cobalt Stike Beacon Detected – 81[.]68[.]85[.]250:443

Malware Analysis – azov – 2009a024db69830d3e2154199c547bed

Malware Analysis – djvu – 52740e55ccb3887f6910e879b4fe7147

Malware Analysis – evasion – 4b2e849543b0ecaec1885170a5ef5243

Malware Analysis – quasar – 5c15c3545fa841deb975d3c0d7fdbe1e

Black Basta Ransomware Victim: Kessing Rechtsanwälte und Fachanwälte in PartGmbB

Malware Analysis – discovery – cff0e1b4af4ef5a2d4cb78ea5d403d58

Malware Analysis – amadey – 086e4feb401610ae41653bd6aa8027e6

Malware Analysis – ransomware – 01492156ce8b4034c5b1027130f4cf4e

Malware Analysis – djvu – 623ec8b8c74e4e45a2380c41b5bb8045

Cobalt Stike Beacon Detected – 5[.]44[.]42[.]46:443

Cobalt Stike Beacon Detected – 194[.]165[.]16[.]91:80

Cobalt Stike Beacon Detected – 124[.]71[.]145[.]63:443

Cobalt Stike Beacon Detected – 5[.]181[.]86[.]248:443

Malware Analysis – smokeloader – 30f5717c7d19ac946764014ae49b8670

Malware Analysis – djvu – 8fc3fff3efe99267c5b2bfffff18d77c

Malware Analysis – djvu – 397ae229dec0f1c462965b2d01109259

Malware Analysis – amadey – 497e58c722c33d1b5a4674e70a3f67a2

[SARCOMA] – Ransomware Victim: Jacquet Weston Engineering

[SARCOMA] – Ransomware Victim: compass-underwriting-ltd

[SARCOMA] – Ransomware Victim: cana group corp

[LYNX] – Ransomware Victim: Sentinel Systems

[LYNX] – Ransomware Victim: Angotti & Reilly

You may have missed