Shaarli Daily

All links of one day on a single page.

September 28, 2022

BumbleBee: Round Two

In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector. BumbleBee has been identified as an initial access vector utilized by several ransomware affiliates. …

NullMixer drops Redline Stealer, SmokeLoader and other malware | Securelist

NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.

MAR-10400779-1.v1 – Zimbra 1

CISA received seven files for analysis. Six Java Server Pages (JSP) webshells and a Bourne Again SHell (bash) file. Five JSP webshell files are designed to parse inbound requests for commands for execution, download files, and upload files. One JSP webshell file contains a form with input fields that prompts the attacker to enter the command in the input box and click "run" to execute. The command output will be displayed in a JSP page. The bash file is designed to perform ldapsearch queries and store the output into a newly created directory.

Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto

First Coinbase, now Crypto.com. Lazarus campaign targets more crypto exchange platform job seekers with multi-stage malware.