threatintel

Google to Pay a record $391M fine for misleading users about the collection of location data

November 15, 2022

Google is going to pay $391.5 million to settle with 40 states in the U.S. for secretly collecting personal location...

Previously undetected Earth Longzhi APT group is a subgroup of APT41

November 15, 2022

Trend Micro reported that the Earth Longzhi group, a previously undocumented subgroup of APT41, targets Ukraine and Asian Countries. Early this...

Avast details Worok espionage group’s compromise chain

November 15, 2022

Cyber espionage group Worok abuses Dropbox API to exfiltrate data via using a backdoor hidden in apparently innocuous image files. Researchers...

KSB2022_Advanced-threat-predictions-990x400-1

Advanced threat predictions for 2023

November 15, 2022

It is fair to say that since last year’s predictions, the world has dramatically changed. While the geopolitical landscape has...

Malware Analysis – djvu – bf29eecd8ccb668323d7f61ff026b109

November 15, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: bf29eecd8ccb668323d7f61ff026b109SHA1: a19a0edf8ba13b93c0a37c14e7a203a97cb94a2cANALYSIS DATE: 2022-11-15T04:49:33ZTTPS: T1005, T1081, T1012, T1060,...

Malware Analysis – amadey – 6b635d80897c987ca64e28cc9004a249

November 15, 2022

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:redline, family:smokeloader, family:vidar, botnet:517, botnet:mario23_10, botnet:rozena1114, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware, stealer,...

Black Basta Ransomware Victim: Kessing Rechtsanwälte und Fachanwälte in PartGmbB

November 15, 2022

Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

Malware Analysis – persistence – bbb2eb960cccf3d863bacb7a2f37c07e

November 15, 2022

Score: 8 MALWARE FAMILY: persistenceTAGS:persistence, ransomware, spyware, stealerMD5: bbb2eb960cccf3d863bacb7a2f37c07eSHA1: 38dc33eaa979e0afb801cd6182c04bf264bd630aANALYSIS DATE: 2022-11-15T05:16:46ZTTPS: T1102, T1060, T1112, T1005, T1081 ScoreMeaningExample10Known badA malware...

Malware Analysis – evasion – f582c50979a0af794c0f2d3b8f94ab16

November 15, 2022

Score: 10 MALWARE FAMILY: evasionTAGS:evasion, persistence, ransomware, spyware, stealer, trojanMD5: f582c50979a0af794c0f2d3b8f94ab16SHA1: 6633d9ab4aefffd8298d0f50eaa2192e2fa57099ANALYSIS DATE: 2022-11-15T04:56:49ZTTPS: T1060, T1112, T1158, T1088, T1089, T1082,...

Malware Analysis – nitro – 5c3f73f74ff01937543395e7c97af556

November 15, 2022

Score: 10 MALWARE FAMILY: nitroTAGS:family:nitro, persistence, ransomware, spyware, stealerMD5: 5c3f73f74ff01937543395e7c97af556SHA1: 81ea3ba54b1100945c15bdabf4d49b25f27ed13dANALYSIS DATE: 2022-11-15T05:07:03ZTTPS: T1102, T1060, T1112, T1005, T1081, T1491 ScoreMeaningExample10Known...

Malware Analysis – azov – c85b63aa4526b91acc9ad26f2b142688

November 15, 2022

Score: 10 MALWARE FAMILY: azovTAGS:family:azov, persistence, ransomware, wiperMD5: c85b63aa4526b91acc9ad26f2b142688SHA1: 3adf5f527aa132e874b48a0309f1392f5730430dANALYSIS DATE: 2022-11-15T05:01:13ZTTPS: T1060, T1112, T1012, T1120, T1082 ScoreMeaningExample10Known badA malware...

Malware Analysis – nitro – 1b01b176dcc36b86e657dc05e680b39a

November 15, 2022

Score: 10 MALWARE FAMILY: nitroTAGS:family:nitro, persistence, ransomware, spyware, stealerMD5: 1b01b176dcc36b86e657dc05e680b39aSHA1: 520a2dd58117656709b09444b37682cdccff07efANALYSIS DATE: 2022-11-15T05:30:38ZTTPS: T1060, T1112, T1491, T1005, T1081, T1102 ScoreMeaningExample10Known...

Malware Analysis – djvu – cbdf6a2d83ff8f674a70ec0bbee7e279

November 15, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: cbdf6a2d83ff8f674a70ec0bbee7e279SHA1: eafd89bb91656aabaff1d3a3b58e798d85e54767ANALYSIS DATE: 2022-11-15T05:28:50ZTTPS: T1005, T1081, T1060, T1112,...

Malware Analysis – amadey – 556620100652076e0efed4b48a0c7499

November 15, 2022

Malware Analysis – – b81672770e0610b00421c8822ed8b1d2

November 15, 2022

Score: 1 MALWARE FAMILY: TAGS:MD5: b81672770e0610b00421c8822ed8b1d2SHA1: 9d4c8a7a309957cd9bbf95a1e750cc60760402cbANALYSIS DATE: 2022-11-15T05:19:53ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...

threatintel

Google to Pay a record $391M fine for misleading users about the collection of location data

Previously undetected Earth Longzhi APT group is a subgroup of APT41

Avast details Worok espionage group’s compromise chain

Advanced threat predictions for 2023

Malware Analysis – djvu – bf29eecd8ccb668323d7f61ff026b109

Malware Analysis – amadey – 6b635d80897c987ca64e28cc9004a249

Black Basta Ransomware Victim: Kessing Rechtsanwälte und Fachanwälte in PartGmbB

Malware Analysis – persistence – bbb2eb960cccf3d863bacb7a2f37c07e

Malware Analysis – evasion – f582c50979a0af794c0f2d3b8f94ab16

Malware Analysis – nitro – 5c3f73f74ff01937543395e7c97af556

Malware Analysis – azov – c85b63aa4526b91acc9ad26f2b142688

Malware Analysis – nitro – 1b01b176dcc36b86e657dc05e680b39a

Malware Analysis – djvu – cbdf6a2d83ff8f674a70ec0bbee7e279

Malware Analysis – amadey – 556620100652076e0efed4b48a0c7499

Malware Analysis – – b81672770e0610b00421c8822ed8b1d2

Cobalt Stike Beacon Detected – 143[.]198[.]93[.]238:443

Cobalt Stike Beacon Detected – 149[.]28[.]81[.]98:8080

Cobalt Stike Beacon Detected – 13[.]212[.]115[.]80:443

Cobalt Stike Beacon Detected – 185[.]217[.]1[.]26:5000

Cobalt Stike Beacon Detected – 31[.]41[.]244[.]142:80

Cobalt Stike Beacon Detected – 112[.]121[.]168[.]101:443

Cobalt Stike Beacon Detected – 20[.]120[.]14[.]61:80

Cobalt Stike Beacon Detected – 81[.]68[.]227[.]204:6666

Cobalt Stike Beacon Detected – 139[.]159[.]142[.]2:443

[SARCOMA] – Ransomware Victim: Jacquet Weston Engineering

[SARCOMA] – Ransomware Victim: compass-underwriting-ltd

[SARCOMA] – Ransomware Victim: cana group corp

[LYNX] – Ransomware Victim: Sentinel Systems

[LYNX] – Ransomware Victim: Angotti & Reilly

You may have missed