Found 29 bookmarks
Custom sorting
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
In December 2024, two critical vulnerabilities in Microsoft's Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft’s monthly Patch Tuesday release. Both vulnerabilities were deemed as highly significant due to the widespread use of LDAP in Windows environments: CVE-2024-49112: A remote code execution (RCE) bug that attackers can exploit by sending specially crafted LDAP requests, allowing them to execute arbitrary code on the target system. CVE-2024-49113: A denial-of-service (DoS) vulnerability that can be exploited to crash the LDAP service, leading to service disruptions. In this blog entry, we discuss a fake proof-of-concept (PoC) exploit for CVE-2024-49113 (aka LDAPNightmare) designed to lure security researchers into downloading and executing information-stealing malware.
#trendmicro#EN#2025#malware#Stealer#research#LDAPNightmare#fake#PoC#CVE-2024-49113
·trendmicro.com·
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
A Dive into Earth Baku’s Latest Campaign
A Dive into Earth Baku’s Latest Campaign
Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control.
#trendmicro#EN#2024#APT41#malware#apt-&-targeted-attacks#research#EarthBaku#reports
·trendmicro.com·
A Dive into Earth Baku’s Latest Campaign
DarkGate Opens Organizations for Attack via Skype, Teams
DarkGate Opens Organizations for Attack via Skype, Teams
From July to September, we observed the DarkGate campaign (detected by Trend Micro as TrojanSpy.AutoIt.DARKGATE.AA) abusing instant messaging platforms to deliver a VBA loader script to victims. This script downloaded and executed a second-stage payload consisting of a AutoIT scripting containing the DarkGate malware code. It’s unclear how the originating accounts of the instant messaging applications were compromised, however is hypothesized to be either through leaked credentials available through underground forums or the previous compromise of the parent organization.
#trendmicro#EN#2024#malware#DarkGate#Skype#Teams
·trendmicro.com·
DarkGate Opens Organizations for Attack via Skype, Teams
A Closer Look at ChatGPT's Role in Automated Malware Creation
A Closer Look at ChatGPT's Role in Automated Malware Creation
As the use of ChatGPT and other artificial intelligence (AI) technologies becomes more widespread, it is important to consider the possible risks associated with their use. One of the main concerns surrounding these technologies is the potential for malicious use, such as in the development of malware or other harmful software. Our recent reports discussed how cybercriminals are misusing the large language model’s (LLM) advanced capabilities: We discussed how ChatGPT can be abused to scale manual and time-consuming processes in cybercriminals’ attack chains in virtual kidnapping schemes. We also reported on how this tool can be used to automate certain processes in harpoon whaling attacks to discover “signals” or target categories.
#trendmicro#EN#2023#malware#articles#news#reports#research#ChatGPT
·trendmicro.com·
A Closer Look at ChatGPT's Role in Automated Malware Creation
Malvertising Used as Entry Vector for BlackCat Actors Also Leverage SpyBoy Terminator
Malvertising Used as Entry Vector for BlackCat Actors Also Leverage SpyBoy Terminator
We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents.
#trendmicro#EN#2023#malware#endpoints#BlackCat#WinSCP#report#SpyBoy#GoogleAds
·trendmicro.com·
Malvertising Used as Entry Vector for BlackCat Actors Also Leverage SpyBoy Terminator
Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices
Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices
An overview of the Lemon Group’s use of preinfected mobile devices, and how this scheme is potentially being developed and expanded to other internet of things (IoT) devices. This research was presented in full at the Black Hat Asia 2023 Conference in Singapore in May 2023.
#trendmicro#EN#2023#malware#cyber-crime#LemonGroup#Preinfected#Guerrilla#Android#mobile#mobile-device#IoT#AndroidOS_Guerilla
·trendmicro.com·
Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices
Raspberry Robin Malware Targets Telecom, Governments
Raspberry Robin Malware Targets Telecom, Governments
We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September. The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.
#trendmicro#EN#2022#malware#apt#endpoints#RaspberryRobin#obfuscation#analysis
·trendmicro.com·
Raspberry Robin Malware Targets Telecom, Governments
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
In June 2022, LockBit revealed version 3.0 of its ransomware. In this blog entry, we discuss the findings from our own technical analysis of this variant and its behaviors, many of which are similar to those of the BlackMatter ransomware
#trendmicro#EN#2022#analysis#lockbit#blackmatter#malware
·trendmicro.com·
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
Raspberry Robin Malware Targets Telecom, Governments
Raspberry Robin Malware Targets Telecom, Governments
We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September. The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.
#trendmicro#EN#2022#malware#apt#endpoints#RaspberryRobin#obfuscation#analysis
·trendmicro.com·
Raspberry Robin Malware Targets Telecom, Governments
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
In June 2022, LockBit revealed version 3.0 of its ransomware. In this blog entry, we discuss the findings from our own technical analysis of this variant and its behaviors, many of which are similar to those of the BlackMatter ransomware
#trendmicro#EN#2022#analysis#lockbit#blackmatter#malware
·trendmicro.com·
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
In June 2022, LockBit revealed version 3.0 of its ransomware. In this blog entry, we discuss the findings from our own technical analysis of this variant and its behaviors, many of which are similar to those of the BlackMatter ransomware
#trendmicro#EN#2022#analysis#lockbit#blackmatter#malware
·trendmicro.com·
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities