GNU social JP
GNU social JP is a GNU social server based in Japan.
Untitled attachment

Download link

https://media.infosec.exchange/infosecmedia/media_attachments/files/110/115/115/035/162/000/original/1308469922c6d116.png

Notices where this attachment appears

  1. Brad (malware_traffic@infosec.exchange)'s status on Friday, 31-Mar-2023 09:54:36 JST

    Some info tweeted by my fellow Palo Alto Networks colleagues on the birdsite!

    2023-03-30 (Thursday): Kudos to my Palo Alto Networks colleagues who found and reported a new ransomware calling itself "Cylance Ransomware"

    These #CylanceRansomware samples are available at Malware Bazaar.

    Linux ELF: https://bazaar.abuse.ch/sample/d1ba6260e2c6bf82be1d6815e19a1128aa0880f162a0691f667061c8fe8f1b2c/

    Windows EXE: https://bazaar.abuse.ch/sample/7a5e813ec451cde49346d7e18aca31065846cafe52d88d08918a297196a6a49f/

    I saw the following HTTP POST requests from my test of #CylanceRansomware EXE for Windows:

    - hxxp://139.99.233[.]175/r1.php
    - hxxp://139.99.233[.]175/r2.php

    The HTTP POST traffic sent a base64 string with info on victim & encrypted files.

    No traffic when I ran the #CylanceRansomware ELF in Linux.

    And as some of you may know, Cylance is the name BlackBerry uses for its enterprise cybersecurity products.

    In conversation Friday, 31-Mar-2023 09:54:36 JST from infosec.exchange
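The POST beacons Brad describes (two PHP paths on one host, the body a base64 string) are easy to pick out of a capture once you know what to look for. The script below is an added example, not code from the post, from Brad, or from Palo Alto Networks: it walks a captured client-to-server HTTP/1.x stream, isolates POSTs to 139.99.233[.]175 for /r1.php or /r2.php, and attempts a strict base64 decode of each body so an analyst can see what was exfiltrated. Only the host and the two paths come from the post. The sample stream, the Content-Type header, and the report text inside the base64 are constructed stand-ins, since the post says only that the payload was base64 and carried victim and encrypted-file info, not its layout. Treat the IP as an indicator observed on 2023-03-30 that may since have been reassigned.

```python
"""Triage helper for the #CylanceRansomware HTTP POST beacons described above.

Added example, not part of the original post. C2_HOST and C2_PATHS are the
indicators given in the post; everything in SAMPLE_STREAM is constructed.
"""
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

C2_HOST = "139.99.233.175"                  # from the post, de-fanged there as 139.99.233[.]175
C2_PATHS = frozenset({"/r1.php", "/r2.php"})  # from the post

_REQUEST_LINE = re.compile(r"^(\w+) (\S+) HTTP/1\.[01]$")


@dataclass
class Beacon:
    host: str
    path: str
    raw_body: str
    decoded: Optional[str]  # None when the body is not clean base64


def parse_requests(stream: bytes) -> List[Tuple[str, str, str, bytes]]:
    """Split a client->server byte stream into (method, host, path, body) tuples.

    Body boundaries come from Content-Length; chunked encoding is not handled,
    which is fine for the short beacons this targets.
    """
    out = []
    pos = 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            break
        lines = stream[pos:end].decode("latin-1").split("\r\n")
        m = _REQUEST_LINE.match(lines[0])
        if not m:
            break  # not an HTTP request line; stop rather than guess
        headers = {}
        for ln in lines[1:]:
            name, _, value = ln.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body_start = end + 4
        body = stream[body_start:body_start + length]
        out.append((m.group(1), headers.get("host", ""), m.group(2), body))
        pos = body_start + length
    return out


def try_b64(body: bytes) -> Optional[str]:
    """Strict base64 decode; None for anything that is not clean base64."""
    try:
        return base64.b64decode(body, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def find_beacons(stream: bytes) -> List[Beacon]:
    """Return every POST to the C2 host for one of the known paths."""
    hits = []
    for method, host, path, body in parse_requests(stream):
        if method == "POST" and host == C2_HOST and path in C2_PATHS:
            hits.append(Beacon(host, path, body.decode("latin-1"), try_b64(body)))
    return hits


# CONSTRUCTED sample traffic: one benign GET, two beacons to the C2 (one with a
# made-up base64 report, one with a body that is not base64), and a POST to an
# unrelated host that must NOT match. The report text is invented for the demo.
_FAKE_REPORT = base64.b64encode(b"host=WIN10-LAB;files=42").decode()
SAMPLE_STREAM = (
    b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
    + (f"POST /r1.php HTTP/1.1\r\nHost: {C2_HOST}\r\n"
       f"Content-Type: application/x-www-form-urlencoded\r\n"
       f"Content-Length: {len(_FAKE_REPORT)}\r\n\r\n{_FAKE_REPORT}").encode()
    + (f"POST /r2.php HTTP/1.1\r\nHost: {C2_HOST}\r\n"
       f"Content-Length: 9\r\n\r\nnot@b64!!").encode()
    + b"POST /r1.php HTTP/1.1\r\nHost: 10.0.0.5\r\nContent-Length: 3\r\n\r\nabc"
)

if __name__ == "__main__":
    for b in find_beacons(SAMPLE_STREAM):
        print(f"{b.host}{b.path}: {b.decoded if b.decoded is not None else '<not base64>'}")
```

Run it against a real capture by feeding the reassembled client-to-server TCP payload (for example, the "Follow TCP Stream" output saved as raw bytes) into `find_beacons`. The strict decode is deliberate: ransomware beacons that fail base64 validation are still worth a look, so the helper records the raw body either way and only flags the decode as unavailable.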

GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.