4 matches found
MAL-2024-11817 Malicious code in planweb-core-ui (npm)
This package contains code to download a second stage payload which establishes a C2 connection and persistence via registry keys. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware acc967a53ff92a71f6b9518c692bf641aa3595a3b65f28cc403b471c0474b175 Any computer that has...
HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat
In June 2024, we discovered a macOS version of the HZ Rat backdoor targeting users of the enterprise messenger DingTalk and the social network and messaging platform WeChat. The samples we found almost exactly replicate the functionality of the Windows version of the backdoor and differ only in t...
NamedPipePTH - Pass The Hash To A Named Pipe For Token Impersonation
This project is a PoC code to use Pass-the-Hash for authentication on a local Named Pipe user Impersonation. There also is a blog post for explanation: https://s3cur3th1ssh1t.github.io/Named-Pipe-PTH/ It is heavily based on the code from the projects Invoke-SMBExec.ps1 and RoguePotato. I faced...
Additional Analysis into the SUNBURST Backdoor | McAfee Blogs
ARCHIVED STORY Additional Analysis into the SUNBURST Backdoor Christiaan Beek · DEC 17, 2020 Executive Summary There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the broader campaign has resulted in detection against specific IoC...