GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Notices by Brad (malware_traffic@infosec.exchange)

  1. Embed this notice
    Brad (malware_traffic@infosec.exchange)'s status on Friday, 09-Feb-2024 06:01:29 JST Brad Brad

    Another #Ivanti CVE announced today (2024-02-08): https://www.ivanti.com/blog/security-update-for-ivanti-connect-secure-and-ivanti-policy-secure-gateways-282024

    In conversation about 10 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/111/897/824/646/986/518/original/f18fd00aef04390a.png
    2. Domain not in remote thumbnail source whitelist: static.ivanti.com
      Security Update for Ivanti Connect Secure and Ivanti Policy Secure Gateways | Ivanti
      We have discovered a new vulnerability in Ivanti Connect Secure (formerly Pulse Secure) and Ivanti Policy Secure gateways. We are reporting the vulnerability as CVE-2024-22024.
  2. Embed this notice
    Brad (malware_traffic@infosec.exchange)'s status on Friday, 31-Mar-2023 09:54:36 JST Brad Brad

    Some info tweeted by my fellow Palo Alto Networks colleagues on the birdsite!

    2023-03-30 (Thursday): Kudos to my Palo Alto Networks colleagues who found and reported a new ransomware calling itself "Cylance Ransomware"

    These #CylanceRansomware samples are available at Malware Bazaar.

    Linux ELF: https://bazaar.abuse.ch/sample/d1ba6260e2c6bf82be1d6815e19a1128aa0880f162a0691f667061c8fe8f1b2c/

    Windows EXE: https://bazaar.abuse.ch/sample/7a5e813ec451cde49346d7e18aca31065846cafe52d88d08918a297196a6a49f/

    I saw the following HTTP POST requests from my test of #CylanceRansomware EXE for Windows:

    - hxxp://139.99.233[.]175/r1.php
    - hxxp://139.99.233[.]175/r2.php

    The HTTP POST traffic sent a base64 string with info on victim & encrypted files.

    No traffic when I ran the #CylanceRansomware ELF in Linux

    And as some of you may know, Cylance is the name Blackberry uses for it's enterprise cybersecurity products.

    In conversation Friday, 31-Mar-2023 09:54:36 JST from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosecmedia/media_attachments/files/110/115/113/078/669/540/original/2cb19d0ac41a9df5.png

    2. https://media.infosec.exchange/infosecmedia/media_attachments/files/110/115/114/525/380/555/original/6382a8f57e6b29a4.png

    3. https://media.infosec.exchange/infosecmedia/media_attachments/files/110/115/115/035/162/000/original/1308469922c6d116.png


    6. Domain not in remote thumbnail source whitelist: files.No
      files.no in parked

User actions

    Brad

    Brad

    Sharing information on malicious network traffic and malware samples

    Tags
    • (None)

    Following 0

      Followers 0

        Groups 0

          Statistics

          User ID
          110394
          Member since
          31 Mar 2023
          Notices
          2
          Daily average
          0

          Feeds

          • Atom
          • Help
          • About
          • FAQ
          • TOS
          • Privacy
          • Source
          • Version
          • Contact

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.