threatintel

China-linked Budworm APT returns to target a US entity

October 14, 2022

The Budworm espionage group resurfaced targeting a U.S.-based organization for the first time, Symantec Threat Hunter team reported. The Budworm cyber...

Malware Analysis – discovery – 62ef87c70c996498897a2bd2c4474f40

October 14, 2022

Score: 8 MALWARE FAMILY: discoveryTAGS:discovery, exploitMD5: 62ef87c70c996498897a2bd2c4474f40SHA1: 9d65655635fff42e5a1123e2d0ab8a47ead1b128ANALYSIS DATE: 2022-10-13T17:25:14ZTTPS: T1222 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...

Malware Analysis – evasion – 596b2e0ece6c7312d7ef62442c602ef0

October 14, 2022

Score: 5 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 596b2e0ece6c7312d7ef62442c602ef0SHA1: a18bcc5d91b5095cbcb067e388c866f7e92a71b6ANALYSIS DATE: 2022-10-13T17:47:21ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – adware – 63ac37f23344ad69ab9afbf47b2aa5c0

October 14, 2022

Score: 9 MALWARE FAMILY: adwareTAGS:adware, discovery, exploit, persistence, stealer, upxMD5: 63ac37f23344ad69ab9afbf47b2aa5c0SHA1: ae22db3f182f5a83e10a51d53818c793eac5321fANALYSIS DATE: 2022-10-13T17:31:21ZTTPS: T1012, T1120, T1082, T1112, T1176, T1060,...

Malware Analysis – ransomware – 6a959ecb7fdcb54b7122d32e67813f20

October 14, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 6a959ecb7fdcb54b7122d32e67813f20SHA1: 6aa57ae89078481517dc6aeb1847ca63de37d5ccANALYSIS DATE: 2022-10-13T17:36:18ZTTPS: T1082, T1107, T1490 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...

Malware Analysis – persistence – 0aea809da938c9d6becc272c8cc28981

October 14, 2022

Score: 9 MALWARE FAMILY: persistenceTAGS:persistence, ransomwareMD5: 0aea809da938c9d6becc272c8cc28981SHA1: fa4c0407ce36766ddfc679015db60153ddcaba28ANALYSIS DATE: 2022-10-13T17:37:37ZTTPS: T1060, T1112, T1107, T1490 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – persistence – 590bc9fcb99792381fa2464ade28e568

October 14, 2022

Score: 10 MALWARE FAMILY: persistenceTAGS:persistence, ransomware, upxMD5: 590bc9fcb99792381fa2464ade28e568SHA1: 0f6dc97201adccf195cb56596aaf3347b45f8f23ANALYSIS DATE: 2022-10-13T17:54:29ZTTPS: T1060, T1112, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – ransomware – 66e97e554dfd83e8bdf1e5ab9a9977f0

October 14, 2022

Score: 7 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 66e97e554dfd83e8bdf1e5ab9a9977f0SHA1: 027aba4bb78e0d35d7b3c41de839dbea95fc2485ANALYSIS DATE: 2022-10-13T17:47:29ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...

Malware Analysis – ransomware – 68ab3a800ba4aff11bd133c5b3f644b0

October 14, 2022

Score: 7 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 68ab3a800ba4aff11bd133c5b3f644b0SHA1: 2e6274c8a7bce76f19d60e0d51c71aa0fc5a2db9ANALYSIS DATE: 2022-10-13T17:47:27ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...

Malware Analysis – ransomware – 6149a3aaffbd61d47b7205f6f6bc9950

October 14, 2022

Score: 7 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 6149a3aaffbd61d47b7205f6f6bc9950SHA1: f81c6b990a3d5d39819372d1b42caf6c87cbd2acANALYSIS DATE: 2022-10-13T17:47:25ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...

Malware Analysis – ransomware – 84c0faeb49c750a6d06eb577c72b157a

October 14, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 84c0faeb49c750a6d06eb577c72b157aSHA1: ba0a42619666eeabce0c8cd71e333f6bc0b01934ANALYSIS DATE: 2022-10-13T18:25:45ZTTPS: T1082, T1107, T1490 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...

Malware Analysis – persistence – 6b5472130c019278bc95130b43ed4200

October 14, 2022

Score: 10 MALWARE FAMILY: persistenceTAGS:persistence, ransomwareMD5: 6b5472130c019278bc95130b43ed4200SHA1: aa8d019fcde053717a006541c1136c037aef3c5bANALYSIS DATE: 2022-10-13T18:12:30ZTTPS: T1107, T1490, T1082, T1112, T1060 ScoreMeaningExample10Known badA malware family was...

Malware Analysis – persistence – 60e1f05e13430883a21411c913f26f60

October 14, 2022

Score: 10 MALWARE FAMILY: persistenceTAGS:persistence, ransomwareMD5: 60e1f05e13430883a21411c913f26f60SHA1: 058d45a4b81078b9b6745800d480f0438d68dfd7ANALYSIS DATE: 2022-10-13T18:12:32ZTTPS: T1112, T1060, T1107, T1490, T1082 ScoreMeaningExample10Known badA malware family was...

Malware Analysis – ransomware – 7dc1daf6d485f3da50197ca111a13aa1

October 14, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 7dc1daf6d485f3da50197ca111a13aa1SHA1: c1961c5fb878f5405bfb169efc4cd5c3abf660fbANALYSIS DATE: 2022-10-13T18:25:47ZTTPS: T1082, T1107, T1490 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...

Malware Analysis – djvu – 57fbd1d9402810d8d8c144cf8b812c57

October 14, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, backdoor, collection, discovery, persistence, ransomware, trojan, vmprotectMD5: 57fbd1d9402810d8d8c144cf8b812c57SHA1: 0cabcaf4d52cf0ebd9099962df463174a7cd44d8ANALYSIS DATE: 2022-10-13T20:37:14ZTTPS: T1012, T1120, T1082,...

Malware Analysis – ransomware – 765573cb3640de462fc0ef09eaa4173b

October 14, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 765573cb3640de462fc0ef09eaa4173bSHA1: 5b5c86c33571ef91165c506df8aa019be56337a5ANALYSIS DATE: 2022-10-13T18:25:49ZTTPS: T1107, T1490, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...

Malware Analysis – ransomware – 7e43155884a8ac94fb38a37e06e0bce2

October 14, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 7e43155884a8ac94fb38a37e06e0bce2SHA1: d81d93725d21485ad558450a94d8f6f958361c8cANALYSIS DATE: 2022-10-13T18:25:53ZTTPS: T1082, T1107, T1490 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...

Malware Analysis – ransomware – 6592b4c9114ea85a25250c39475a9cb1

October 14, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 6592b4c9114ea85a25250c39475a9cb1SHA1: 21f11d0fd74d719c475d83e97a15658ab88ea3f0ANALYSIS DATE: 2022-10-13T18:25:51ZTTPS: T1107, T1490, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...

Cobalt Stike Beacon Detected – 1[.]116[.]186[.]39:80

October 14, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – ransomware – cb69ab71c32bb54c03da29997c87006f

October 14, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: cb69ab71c32bb54c03da29997c87006fSHA1: b4ea4cd2b0cbcedda6699fcb5dc4628508308938ANALYSIS DATE: 2022-10-13T21:01:04ZTTPS: T1091, T1005, T1081, T1082, T1107, T1490 ScoreMeaningExample10Known badA malware...

Malware Analysis – djvu – 31db9b909905d09dd810e8646b9832e7

October 14, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 31db9b909905d09dd810e8646b9832e7SHA1: 0172f26ce10cfa9babe1f588afa48f7f8c6a8202ANALYSIS DATE: 2022-10-13T21:32:47ZTTPS: T1082, T1053, T1012, T1060,...

Malware Analysis – smokeloader – b2b0d1eb9dc82a0bb8e2249074877456

October 14, 2022

Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: b2b0d1eb9dc82a0bb8e2249074877456SHA1: 9bf42aba78d6a4d09e5dc164b5011a1b28a8c0b5ANALYSIS DATE: 2022-10-13T21:33:48ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – ransomware – 62f6a62754f16eee9a5952bd4ffe5b19

October 14, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 62f6a62754f16eee9a5952bd4ffe5b19SHA1: 2b7874c83f4e2fe18d15d4434325148d4bbeb111ANALYSIS DATE: 2022-10-13T21:21:04ZTTPS: T1107, T1490, T1091, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...

Cobalt Stike Beacon Detected – 54[.]242[.]33[.]176:80

October 14, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

threatintel

China-linked Budworm APT returns to target a US entity

Malware Analysis – discovery – 62ef87c70c996498897a2bd2c4474f40

Malware Analysis – evasion – 596b2e0ece6c7312d7ef62442c602ef0

Malware Analysis – adware – 63ac37f23344ad69ab9afbf47b2aa5c0

Malware Analysis – ransomware – 6a959ecb7fdcb54b7122d32e67813f20

Malware Analysis – persistence – 0aea809da938c9d6becc272c8cc28981

Malware Analysis – persistence – 590bc9fcb99792381fa2464ade28e568

Malware Analysis – ransomware – 66e97e554dfd83e8bdf1e5ab9a9977f0

Malware Analysis – ransomware – 68ab3a800ba4aff11bd133c5b3f644b0

Malware Analysis – ransomware – 6149a3aaffbd61d47b7205f6f6bc9950

Malware Analysis – ransomware – 84c0faeb49c750a6d06eb577c72b157a

Malware Analysis – persistence – 6b5472130c019278bc95130b43ed4200

Malware Analysis – persistence – 60e1f05e13430883a21411c913f26f60

Malware Analysis – ransomware – 7dc1daf6d485f3da50197ca111a13aa1

Malware Analysis – djvu – 57fbd1d9402810d8d8c144cf8b812c57

Malware Analysis – ransomware – 765573cb3640de462fc0ef09eaa4173b

Malware Analysis – ransomware – 7e43155884a8ac94fb38a37e06e0bce2

Malware Analysis – ransomware – 6592b4c9114ea85a25250c39475a9cb1

Cobalt Stike Beacon Detected – 1[.]116[.]186[.]39:80

Malware Analysis – ransomware – cb69ab71c32bb54c03da29997c87006f

Malware Analysis – djvu – 31db9b909905d09dd810e8646b9832e7

Malware Analysis – smokeloader – b2b0d1eb9dc82a0bb8e2249074877456

Malware Analysis – ransomware – 62f6a62754f16eee9a5952bd4ffe5b19

Cobalt Stike Beacon Detected – 54[.]242[.]33[.]176:80

[LYNX] – Ransomware Victim: communisis[.]com & paragon[.]world

Cobalt Strike Beacon Detected – 154[.]64[.]231[.]1:8443

Cobalt Strike Beacon Detected – 47[.]92[.]135[.]251:8443

Cobalt Strike Beacon Detected – 120[.]46[.]151[.]73:80

Cobalt Strike Beacon Detected – 51[.]79[.]214[.]246:443

You may have missed