threatintel

Cobalt Stike Beacon Detected – 185[.]8[.]105[.]66:80

October 10, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 157[.]245[.]153[.]234:8443

October 10, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 52[.]7[.]230[.]192:443

October 10, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 198[.]251[.]84[.]108:80

October 10, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – evasion – 2067b087c553ec770b61b36c6dfc8aa5

October 10, 2022

Score: 9 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 2067b087c553ec770b61b36c6dfc8aa5SHA1: 038879f23ff375a11fbabc654b7e12e891496449ANALYSIS DATE: 2022-10-09T20:23:03ZTTPS: T1107, T1490, T1082, T1031 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...

Malware Analysis – ransomware – 43902bf87add073c555196712a70e5a0

October 10, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: 43902bf87add073c555196712a70e5a0SHA1: d484c47298581385e57c06b74267d85870817aaeANALYSIS DATE: 2022-10-09T20:23:04ZTTPS: T1082, T1107, T1490, T1091, T1005, T1081 ScoreMeaningExample10Known badA malware...

Malware Analysis – ransomware – ba86411533a04b3a1069fcf9747f9d24

October 10, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: ba86411533a04b3a1069fcf9747f9d24SHA1: a6b27d7b35e3e46e9a95e0ae58e80add666c9a5eANALYSIS DATE: 2022-10-09T20:23:04ZTTPS: T1082, T1107, T1490, T1091, T1005, T1081 ScoreMeaningExample10Known badA malware...

Malware Analysis – ransomware – ebea92f74f95d15a2a673e3f7aeb0318

October 10, 2022

Score: 9 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: ebea92f74f95d15a2a673e3f7aeb0318SHA1: f2c9bd9d27583e3a71d16925326eea614f172e2dANALYSIS DATE: 2022-10-09T20:23:03ZTTPS: T1082, T1107, T1490, T1091, T1005, T1081 ScoreMeaningExample10Known badA malware...

Malware Analysis – djvu – 91072a7519fc9af6e2460772cd9db1b2

October 10, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, backdoor, collection, discovery, persistence, ransomware, spyware, stealer, trojanMD5: 91072a7519fc9af6e2460772cd9db1b2SHA1: c088d260adbd138fefb5bed1ed2fa4365a83b33eANALYSIS DATE: 2022-10-09T20:59:33ZTTPS: T1064, T1222,...

Malware Analysis – djvu – 726611b4d93637d50b70e10628d63b92

October 10, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, backdoor, collection, discovery, persistence, ransomware, spyware, stealer, trojanMD5: 726611b4d93637d50b70e10628d63b92SHA1: 40d73e0c0154ee4992b530c64979cb2b5b740cbaANALYSIS DATE: 2022-10-09T21:28:41ZTTPS: T1064, T1114,...

Malware Analysis – djvu – 81fec1a7d173021ed64be67ec2a74819

October 10, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:redline, family:smokeloader, botnet:newpatch13, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware, stealer, trojanMD5: 81fec1a7d173021ed64be67ec2a74819SHA1: 33fb04cfccdaa3cf41a38ba223a88290367d8b91ANALYSIS DATE:...

Malware Analysis – evasion – ab1eecb4dc61552200148fad5de653ed

October 10, 2022

Score: 7 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: ab1eecb4dc61552200148fad5de653edSHA1: 167e25b660ac079146968cc546bff8e51cb2a580ANALYSIS DATE: 2022-10-09T22:51:28ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Everest gang demands $200K for data stolen from South Africa state-owned electricity company ESKOM

October 9, 2022

Everest ransomware operators claimed to have hacked South Africa state-owned company ESKOM Hld SOC Ltd. In March 2022, the Everest...

LockBit 3.0 Ransomware Victim: dragages-ports[.]fr

October 9, 2022

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

LockBit 3.0 Ransomware Victim: cedemo[.]com

October 9, 2022

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

LockBit 3.0 Ransomware Victim: buydps[.]com

October 9, 2022

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

LockBit 3.0 Ransomware Victim: alliedusa[.]com

October 9, 2022

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

Malware Analysis – djvu – 0184dbbad3f6b34d794bd88d865990d0

October 9, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, backdoor, collection, discovery, persistence, ransomware, spyware, stealer, trojanMD5: 0184dbbad3f6b34d794bd88d865990d0SHA1: 377916b926221b3930ada62a6660b7fd8a07564eANALYSIS DATE: 2022-10-09T14:07:00ZTTPS: T1012, T1120,...

Malware Analysis – djvu – f1f8241eb686b262929f338d29bfc974

October 9, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, family:vidar, botnet:517, backdoor, collection, discovery, persistence, ransomware, spyware, stealer, trojanMD5: f1f8241eb686b262929f338d29bfc974SHA1: 872af4956689af2fe41e4e397c82e3ebb47df59bANALYSIS DATE: 2022-10-09T14:36:02ZTTPS:...

Malware Analysis – djvu – bfd1d31196f7df3a2dd5967a6e4e7e6e

October 9, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, discovery, persistence, ransomwareMD5: bfd1d31196f7df3a2dd5967a6e4e7e6eSHA1: cb23db2bb8b778a1f1cc44b49ec6f0f687e61b80ANALYSIS DATE: 2022-10-09T14:02:23ZTTPS: T1053, T1060, T1112, T1222, T1082 ScoreMeaningExample10Known badA malware...

Malware Analysis – – caa0cb2ca1ec235ba1074bfe48a1e2f9

October 9, 2022

Score: 3 MALWARE FAMILY: TAGS:MD5: caa0cb2ca1ec235ba1074bfe48a1e2f9SHA1: f5cbb7d060718d95fa4db4ab52b85bdc68472f0fANALYSIS DATE: 2022-10-09T15:27:40ZTTPS: T1112, T1130, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...

Malware Analysis – djvu – c1c7a47ae8595bc90d05c9f6513efd83

October 9, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, family:vidar, botnet:517, backdoor, collection, discovery, persistence, ransomware, spyware, stealer, trojanMD5: c1c7a47ae8595bc90d05c9f6513efd83SHA1: 41b8ea756a76d5e711d85ef343ba0185a31603d7ANALYSIS DATE: 2022-10-09T16:07:23ZTTPS:...

HIVE Ransomware Victim: Município De Loures

October 9, 2022

HIVE Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of...

Malware Analysis – djvu – 0b57f8c7cd3b5006208e5a1b2db63213

October 9, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, backdoor, collection, discovery, persistence, ransomware, trojanMD5: 0b57f8c7cd3b5006208e5a1b2db63213SHA1: 210e31464dfa6983cbb000ab9820880f6f00b1fcANALYSIS DATE: 2022-10-09T15:45:52ZTTPS: T1012, T1120, T1082, T1222,...

threatintel

Cobalt Stike Beacon Detected – 185[.]8[.]105[.]66:80

Cobalt Stike Beacon Detected – 157[.]245[.]153[.]234:8443

Cobalt Stike Beacon Detected – 52[.]7[.]230[.]192:443

Cobalt Stike Beacon Detected – 198[.]251[.]84[.]108:80

Malware Analysis – evasion – 2067b087c553ec770b61b36c6dfc8aa5

Malware Analysis – ransomware – 43902bf87add073c555196712a70e5a0

Malware Analysis – ransomware – ba86411533a04b3a1069fcf9747f9d24

Malware Analysis – ransomware – ebea92f74f95d15a2a673e3f7aeb0318

Malware Analysis – djvu – 91072a7519fc9af6e2460772cd9db1b2

Malware Analysis – djvu – 726611b4d93637d50b70e10628d63b92

Malware Analysis – djvu – 81fec1a7d173021ed64be67ec2a74819

Malware Analysis – evasion – ab1eecb4dc61552200148fad5de653ed

Everest gang demands $200K for data stolen from South Africa state-owned electricity company ESKOM

LockBit 3.0 Ransomware Victim: dragages-ports[.]fr

LockBit 3.0 Ransomware Victim: cedemo[.]com

LockBit 3.0 Ransomware Victim: buydps[.]com

LockBit 3.0 Ransomware Victim: alliedusa[.]com

Malware Analysis – djvu – 0184dbbad3f6b34d794bd88d865990d0

Malware Analysis – djvu – f1f8241eb686b262929f338d29bfc974

Malware Analysis – djvu – bfd1d31196f7df3a2dd5967a6e4e7e6e

Malware Analysis – – caa0cb2ca1ec235ba1074bfe48a1e2f9

Malware Analysis – djvu – c1c7a47ae8595bc90d05c9f6513efd83

HIVE Ransomware Victim: Município De Loures

Malware Analysis – djvu – 0b57f8c7cd3b5006208e5a1b2db63213

[KAIROS] – Ransomware Victim: fredsalvuccicorp[.]com

[BABUK2] – Ransomware Victim: Mandarin[.]com[.]br By Babuk Locker 2[.]0

[AKIRA] – Ransomware Victim: Fickling & Company

[RANSOMHUB] – Ransomware Victim: www[.]hexosys[.]com

[AKIRA] – Ransomware Victim: Callico Distributors, Inc[.]

You may have missed