A malware strain called TrueBot showed up on the radar in May 2023.
It has been around since at least 2017, and the bad guys behind it are using a variety of vulnerabilities in Netwrix software to spread their ransomware.
The group behind the malware, known as Silence, also has ties to the notorious Russian spy agency Evil Corp.
Its code uses CVE-2022-31199, a critical flaw in Netwrix Auditor, as well as Raspberry Robin, as delivery vectors.
Once installed, the executable connects to a known TrueBot IP address located in Russia to retrieve a second-stage executable (3ujwy2rz7v), which is launched using Windows command-and-control.
This second-stage executable takes control of the host through a C2 domain and exfiltrates information from it.