SENTINEL APEX ADVISORY
Reference ID: CDB-APEX-1771159688 | GOC-Verified Intelligence
The CyberDudeBivash Sentinel APEX engine has autonomously triaged the following threat vectors. Adversary infrastructure has been enriched with geospatial and reputation data.
MITRE ATT&CK® Tactical Attribution
| Technique ID | Tactical Category |
|---|---|
| T1566 | Initial Access |
| T1071 | Command and Control |
Forensic Evidence (IOCs)
IPV4: 8.8.8.8
CVE: CVE-2018-0171, CVE-2026-24061, CVE-2023-20273, CVE-2023-46805, CVE-2024-36401, CVE-2016-5195, CVE-2026-21962, CVE-2024-3400, CVE-2024-21887, CVE-2026-1731, CVE-2023-20198
Geospatial Risk Tracking
Global threat distribution map (interactive map not reproduced): red pulses indicate active IoC origins triaged in this sweep.
Correlated Intelligence Nodes
A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hacking group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have t...
Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG). The tech giant's threat intelligence division ...
A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. "This threat actor seems to have been active since 2019, althou...
Cybersecurity researchers have discovered a malicious Google Chrome extension that's designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Busin...
In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware attac...
With more than 37 million combined downloads, the extensions expose users to tracking and personal information theft.
Over 300 Malicious Chrome Extensions Caught Leaki...
Other noteworthy stories that might have slipped under the radar: vulnerabilities at 277 water systems, DoD employee acting as money mule, 200 airports exposed by flaw.
Check Point Announces Trio of Acquisitions Amid Solid 2025 Earnings Beat...
Hackers stole personal information such as names, addresses, and phone numbers from a customer contact system.
Dutch Carrier Odido Discloses Data Breach Impacting 6 Million...
Exploitation attempts target CVE-2026-1731, a critical unauthenticated remote code execution flaw in BeyondTrust Remote Support.
For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the net...
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild....
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators…
Advisory at a Glance
* Executive Summary: CISA began incident response efforts at a U.S. federal civilian executive branch (FCEB) agency following the detection of potential malicious activity identified through security alerts generated by th...
* Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System. Executive summary: People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and military infrastructure networks. While these actors focus ...
* CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) and U.S. Coast Guard (USCG) are issuing this Cybersecurity Advisory to present findings from a recent CISA and USCG hunt engagement. The purpose of this advisory is to high...
* #StopRansomware: Interlock. Summary: Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include re...
* CVE-2017-20187: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to ...
* CVE-2017-7252: bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password....
* CVE-2018-25092: A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to addre...
* CVE-2018-25093: A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The na...
* CVE-2020-28407: In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall....

This technical advisory was generated by the CyberDudeBivash Pvt. Ltd. Autonomous Engine. Machine-readable STIX 2.1 data and PDF whitepapers are available for authorized ingestion at our Command Center Dashboard.