Lucene search
K

109 matches found

thn
thn
added 2023/03/15 1:49 p.m.43 views

YoroTrooper Stealing Credentials and Information from Government and Energy Organizations

A previously undocumented threat actor dubbed YoroTrooper has been targeting government, energy, and international organizations across Europe as part of a cyber espionage campaign that has been active since at least June 2022. "Information stolen from successful compromises include credentials...

1.4AI score
Exploits0
thn
thn
added 2023/02/03 3:3 p.m.5 views

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT,...

6.7AI score
Exploits0
thn
thn
added 2022/10/10 1:10 p.m.25 views

New Report Uncovers Emotet's Delivery and Evasion Techniques Used in Recent Attacks

Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control C2 infrastructure to escape detection, according to new research from VMware. Emotet is the work of a threat actor tracked as Mummy Spider aka TA542, emerging in June 2014 as ...

1.7AI score
Exploits0
talosblog
talosblog
added 2022/08/30 12:0 p.m.33 views

ModernLoader delivers multiple stealers, cryptominers and RATs

By Vanja Svajcer Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, RedLine information-stealer and cryptocurrency-mining malware to victims. The actors use PowerShell, .NET assemblies,...

0.5AI score
Exploits0
zdt
zdt
added 2022/06/14 12:0 a.m.268 views

Real Player v.20.0.8.310 G2 Control - DoGoToURL() Remote Code Execution Exploit

Exploit Title: Real Player v.20.0.8.310 G2 Control - 'DoGoToURL' Remote Code Execution RCE Exploit Author: Eduardo Braun Prado Vendor Homepage: http://real.com/ Software Link: http://real.com/ Version: v.20.0.8.310 Tested on: Windows 7, 8.1, 10 CVE : N/A Full PoC:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2022/06/14 12:0 a.m.329 views

Real Player v.20.0.8.310 G2 Control - 'DoGoToURL()' Remote Code Execution (RCE)

Exploit Title: Real Player v.20.0.8.310 G2 Control - 'DoGoToURL' Remote Code Execution RCE Google Dork: n/a Date: May 31, 2022 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://real.com/ Software Link: http://real.com/ Version: v.20.0.8.310 Tested on: Windows 7, 8.1, 10 CVE : N/A Full...

7.4AI score
Exploits0
qualysblog
qualysblog
added 2022/05/09 4:40 a.m.34 views

Ursnif Malware Banks on News Events for Phishing Attacks

Ursnif aka Gozi, Dreambot, ISFB is one of the most widespread banking trojans. It has been observed evolving over the past few years. Ursnif has shown incredible theft capabilities. In 2020 Ursnif rose to prominence becoming one of the top ten most prolific pieces of malware. Among its core...

0.6AI score
Exploits0
thn
thn
added 2022/05/03 5:50 a.m.614 views

AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection

Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws. "This is the first sample we observed from the U.S. with the capability to...

10CVSS0.5AI score0.99999EPSS
Exploits360
thn
thn
added 2021/04/20 5:33 a.m.66 views

Lazarus APT Hackers are now using BMP images to hide RAT malware

A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap .BMP image file to drop a remote access trojan RAT capable of stealing sensitive information. Attributing the attack to the Lazarus Group...

0.1AI score
Exploits0
osv
osv
added 2020/11/17 2:15 p.m.4 views

CVE-2020-7841

Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://...

8.8CVSS7.5AI score0.01512EPSS
Exploits0References1
checkpoint_advisories
checkpoint_advisories
added 2020/09/15 12:0 a.m.2 views

Sharpshooter HTML Remote Code Execution

Sharpshooter is a tool to create HTA payloads and inject them to HTML Pages using JS. This tool may be used by attackers to remotely execute arbitrary code on the affected system...

4.2AI score
Exploits0
checkpoint_advisories
checkpoint_advisories
added 2020/09/10 12:0 a.m.2 views

Demiguise HTML Remote Code Execution

Demiguise is a tool to inject malicious payload in HTA format to HTML Pages using JS. This tool may be used by attackers to remotely execute arbitrary code on the affected system...

4.1AI score
Exploits0
kitploit
kitploit
added 2020/07/10 12:30 p.m.30 views

GIVINGSTORM - Infection Vector That Bypasses AV, IDS, And IPS

The beginnings of a C2 framework. Currently without all the C2 stuff so far. Generates a dual stage VBS infection vector, and a dual stage HTA infection vector. The variables take into account C2 addresses, Koadic/Empire payloads, and a few delivery mechanisms. The payload files are output to an...

7.2AI score
Exploits0References1
zdt
zdt
added 2020/07/07 12:0 a.m.207 views

Microsoft Windows MSHTA.EXE .HTA File XML Injection Vulnerability

Microsoft Windows MSHTA.EXE .HTA File XML Injection Vulnerability Vendor www.microsoft.com Product Windows MSHTA.EXE .HTA File An HTML Application HTA is a Microsoft Windows program whose source code consists of HTML, Dynamic HTML, and one or more scripting languages supported by Internet Explore...

Exploits0
exploitdb
exploitdb
added 2020/07/07 12:0 a.m.295 views

Microsoft Windows mshta.exe 2019 - XML External Entity Injection

Exploit Title: Microsoft Windows mshta.exe 2019 - XML External Entity Injection Date: 2020-07-07 Exploit Author: hyp3rlinx Vendor homepage: https://www.microsofft.com/ CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

7.4AI score
Exploits0
packetstorm
packetstorm
added 2020/07/06 12:0 a.m.227 views

Microsoft Windows MSHTA.EXE .HTA File XML Injection

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MSHTA-HTA-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows MSHTA.EXE .HTA File An...

Exploits0
threatpost
threatpost
added 2019/10/01 5:40 p.m.142 views

Hackers Turn to OpenDocument Format to Avoid AV Detection

Attackers have a new obfuscation technique that uses the OpenDocument file format for sneaking payloads past antivirus software. Past macro-based attacks have relied on malware hitching a ride with .docx, .zip, .jar and many other file formats. But researchers at Cisco Talos said that because the...

7.1AI score
Exploits0References5
talosblog
talosblog
added 2019/09/30 8:35 a.m.101 views

Open Document format creates twist in maldoc landscape

By Warren Mercer and Paul Rascagneres. Introduction Cisco Talos recently observed attackers changing the file formats they use in an attempt to thwart common antivirus engines. This can happen across other file formats, but today, we are showing a change of approach for an actor who has deemed...

7.1AI score
Exploits0
threatpost
threatpost
added 2019/09/27 11:25 a.m.148 views

Thousands of PCs Affected by Nodersok/Divergent Malware

New malware identified by Microsoft and Cisco Talos has affected thousands of PCs in the United States and Europe and turns systems into proxies for performing malicious activity, the companies said. The fileless threat—called Nodersok by Microsoft and Divergent by Cisco Talos—has many of its own...

7.8AI score
Exploits0References7
carbonblack
carbonblack
added 2019/09/05 5:8 p.m.116 views

CB Threat Analysis Unit Technical Breakdown: GermanWiper Ransomware

Editor's Note: The TAU-TIN related to this write up can be located here. GermanWiper Ransomware was found distributed via spam email campaign in Germany. It’s a data-wiping malware and the ransom note was written in German language. The malware pretends to be ransomware but is actually a wiper th...

7.3AI score
Exploits0
Rows per page
Query Builder