Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
7 résultats taggé trellix  ✕
Inside the LockBit's Admin Panel Leak: Affiliates, Victims and Millions in Crypto https://www.trellix.com/blogs/research/inside-the-lockbits-admin-panel-leak-affiliates-victims-and-millions-in-crypto/
14/06/2025 22:41:18
QRCode
archive.org

On May 7, 2025, the LockBit admin panel was hacked by an anonymous actor who replaced their TOR website with the text ‘Don’t do crime CRIME IS BAD xoxo from Prague’ and shared a SQL dump of their admin panel database in an archived file ‘paneldb_dump.zip’:

There is not much information available regarding the individual identified as 'xoxo from Prague' whose objective seems to be the apprehension of malicious ransomware threat actors. It is uncommon for a major ransomware organization's website to be defaced; more so for its administrative panel to be compromised. This leaked SQL database dump is significant as it offers insight into the operational methods of LockBit affiliates and the negotiation tactics they employ to secure ransom payments from their victims.

Trellix Advanced Research Center’s investigations into the leaked SQL database confirmed with high confidence that the database originates from LockBit's affiliates admin panel. This panel allows the generation of ransomware builds for victims, utilizing LockBit Black 4.0 and LockBit Green 4.0, compatible with Linux, Windows and ESXi systems, and provides access to victim negotiation chats.

The leaked SQL database dump encompasses data from December 18, 2024 to April 29, 2025, including details pertaining to LockBit adverts (aka ransomware affiliates), victim organizations, chat logs, cryptocurrency wallets and ransomware build configurations.

trellix EN 2025 LockBit Leak Affiliates Crypto research
When Guardians Become Predators: How Malware Corrupts the Protectors https://www.trellix.com/blogs/research/when-guardians-become-predators-how-malware-corrupts-the-protectors/
27/11/2024 09:15:01
QRCode
archive.org

We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us? Our Trellix Advanced Research Center team recently uncovered a malicious campaign that does just that. Instead of bypassing defenses, this malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda. The malware exploits the deep access provided by the driver to terminate security processes, disable protective software, and seize control of the infected system.

trellix EN 2024 research Avast Anti-Rootkit driver malware aswArPot.sys malware analysis
A Catalog of Hazardous AV Sites – A Tale of Malware Hosting https://www.trellix.com/blogs/research/a-catalog-of-hazardous-av-sites-a-tale-of-malware-hosting/
25/05/2024 21:52:52
QRCode
archive.org

In mid-April 2024, Trellix Advanced Research Center team members observed multiple fake AV sites hosting highly sophisticated malicious files such as APK, EXE and Inno setup installer that includes Spy and Stealer capabilities. Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from cyber-attacks. The hosted websites made to look legitimate are listed below.

trellix EN 2024 fake antivirus AV malicious research
 The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups https://www.trellix.com/en-ca/blogs/research/the-lockbit-name-is-back-along-with-its-imposters-and-new-opportunistic-ransomware-groups/
24/04/2024 12:32:13
QRCode
archive.org

The Trellix Advanced Research Center has recently observed an uptick of LockBit-related cyber activity surrounding vulnerabilities in ScreenConnect. This surge suggests that despite the Law Enforcement's (LE) "Operation Cronos" aimed at dismantling LockBit's infrastructure, the ransomware operators somehow managed to survive and stay a float. It appears that the cybercriminals group behind LockBit ransomware partially restored their infrastructure and created an impression that the LE actions did not affect their normal operation. Concurrently, alongside the resurgence of LockBit's exploitation of ScreenConnect vulnerabilities, we have seen other threat actors have either impersonated LockBit ransomware or incorporated LockBit into their own cyber attack campaigns.

Trellix EN 2024 LockBit-related LockBit campaigns ransomware LockBitSupp
Scanning Danger: Unmasking the Threats of Quishing https://www.trellix.com/about/newsroom/stories/research/scanning-danger-unmasking-the-threats-of-quishing/
08/12/2023 14:18:12
QRCode
archive.org
thumbnail

In this blog, we explore the modus operandi of threat actors utilizing QR code attacks, by examining recent and widespread quishing campaigns detected by Trellix.

trellix EN 2023 Quishing QRCode QR analysis attacks
Shining Light on Dark Power: Yet Another Ransomware Gang https://www.trellix.com/en-us/about/newsroom/stories/research/shining-light-on-dark-power.html
25/03/2023 21:11:57
QRCode
archive.org
thumbnail

Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself. This blog dives into the specifics of the ransomware used by the gang, as well as some information regarding their victim naming and shaming website, filled with non-paying victims and stolen data.

trellix EN 2023 DarkPower ransomware gang research
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability https://www.trellix.com/en-us/about/newsroom/stories/research/tarfile-exploiting-the-world.html
25/09/2022 12:00:13
QRCode
archive.org
thumbnail

Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. As we dug into the issue, we realized this was in fact CVE-2007-4559. The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “..” sequence to filenames in a TAR archive. Over the course of our research into the impact of this vulnerability we discovered that hundreds of thousands of repositories were vulnerable to this vulnerability. While the vulnerability was originally only marked as a 6.8, we were able to confirm that in most cases an attacker can gain code execution from the file write.

trellix EN 2022 CVE-2007-4559 tarfile Python vulnerability
4460 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio