Chiseling In: Lorenz Ransomware Group Cracks MiVoice And Calls Back For Free

Event ID 4521. UUID 761270e6-3a97-4c18-9a44-a844cb5b562b. Creator org CIRCL. Owner org LUNCHBOX. Creator user admin@admin.test. Protected Event (experimental): event is in unprotected mode. Tags: type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white, osint:source-type="blog-post", misp-galaxy:mitre-attack-pattern="Scheduled Task - T1053", misp-galaxy:mitre-attack-pattern="Standard Non-Application Layer Protocol - T1095", misp-galaxy:ransomware="Lorenz Ransomware", dnc:malware-type="Ransomware", enisa:nefarious-activity-abuse="ransomware", ecsirt:malicious-code="ransomware", malware_classification:malware-category="Ransomware", veris:action:malware:variety="Ransomware", Ransomware, ms-caro-malware:malware-type="Ransom", ms-caro-malware-full:malware-type="Ransom". Date 2022-09-12. Threat Level Undefined. Analysis Initial. Distribution All communities. Published Yes 2022-11-01 06:55:37. Attributes 61 (18 Objects). First recorded change 2022-09-15 07:43:15.

Buzzing in the Background: BumbleBee, a New Modular Backdoor Evolved From BookWorm

Event ID 4519. UUID 758d96ed-9dd4-4009-9270-65f2c3dd30cc. Creator org CIRCL. Owner org LUNCHBOX. Creator user admin@admin.test. Protected Event (experimental): event is in unprotected mode. Tags: misp-galaxy:mitre-attack-pattern="Bypass User Access Control - T1548.002", type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white, misp-galaxy:tool="BumbleBee", ecsirt:intrusions="backdoor", veris:action:malware:variety="Backdoor", ms-caro-malware:malware-type="Backdoor", ms-caro-malware-full:malware-type="Backdoor", misp-galaxy:malpedia="Bookworm". Date 2022-09-02. Threat Level Medium. Analysis Initial. Distribution All communities. Published Yes 2022-11-01 06:55:31. Attributes 23 (4 Objects). First recorded change 2022-09-09 07:28:51. Last change 2022-10-24 09:23:30.

Kinsing & Dark.IoT botnet among threats targeting CVE-2022-26134

Event ID 4520. UUID d4766c50-0269-4cda-acea-850ea4fdb198. Creator org CIRCL. Owner org LUNCHBOX. Creator user admin@admin.test. Protected Event (experimental): event is in unprotected mode. Tags: type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white, osint:source-type="blog-post", misp-galaxy:cryptominers="Hezb", misp-galaxy:threat-actor="Hezb", misp-galaxy:botnet="Dark.IoT", malware_classification:malware-category="Botnet". Date 2022-06-22. Threat Level Undefined. Analysis Initial. Distribution All communities. Published Yes 2022-11-01 06:55:33. Attributes 18 (6 Objects). First recorded change 2022-09-13 11:46:36. Last change 2022-10-24 09:46:38. Sightings 0 (0).

Remote Access Trojan RAT svchost.exe 163.172.160.227.4443 PCAP file download traffic sample

Attachment: vclean. Date added: January 26, 2018 5:47 am. Added by: admin. File size: 10 KB. Downloads: 11. 46 engines detected this file. SHA-256 8a100d3324a2c579fcc56203d9f14e0d6e3448b3ed65769136c8dc21376ef0e5; file name vujpdi0f2gg.exe; file size 135.5 KB; last analysis 2018-01-25 16:06:53 UTC; community score -192. Observed behaviour: Remote Access; contains a remote desktop related string; tries to identify its external IP address; uses network protocols on unusual ports; Persistence; injects into explorer; modifies auto-execute functionality.

Dridex Cridex Malware Banking Trojan PCAP file download traffic sample 144.76.246.246.443 fbl.com.sg/JHG76w23

Attachment: jhg. Date added: January 26, 2018 5:40 am. Added by: admin. File size: 49 KB. Downloads: 7. 32 engines detected this file. SHA-256 bad8a41d33fe0e4cce27f41005e498c0ac26eef9f59099ad2d538bc429e4d289; file name JHG76w23; file size 140 KB; last analysis 2018-01-26 03:17:24 UTC; community score -105. Detections: Ikarus Trojan.Kryptik; Kaspersky Backdoor.Win32.Dridex.sr; Malwarebytes Trojan.Dridex; MAX malware (ai score=97); McAfee RDN/Generic.hbg; McAfee-GW-Edition BehavesLike.Win32.PUPXAX.ch; Palo Alto Networks generic.ml; Rising Malware.XPACK-LNR/Heur!1.5594 (CLASSIC); SentinelOne …