The Malwarebytes report said a new threat actor may be targeting Russian and pro-Russian individuals.
Hossein Jazi and Malwarebytes' Threat Intelligence team released a report on Thursday highlighting a new threat actor potentially targeting Russian and pro-Russian individuals.
The attackers included a manifesto about Crimea, indicating the attack may have been politically motivated. The attacks feature a suspicious document named "Manifest.docx" that downloads and executes two attack vectors in a single document: remote template injection and CVE-2021-26411, an Internet Explorer exploit.
Jazi attributed the attack to the ongoing conflict between Russia and Ukraine, part of which centers on Crimea. The report notes that cyberattacks on both sides have been increasing.
But Jazi does note that the manifesto and Crimea information may be used as a false flag by the threat actors.
Malwarebytes' Threat Intelligence team discovered the "Манифест.docx" ("Manifest.docx") on July 21, finding that it downloads and executes two templates: one is macro-enabled and the other is an HTML object that contains an Internet Explorer exploit.
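The remote template mechanism described above works through the document's settings relationships: Word resolves an attached-template reference in word/settings.xml via word/_rels/settings.xml.rels, and an external relationship pointing at a URL makes Word fetch that template when the file is opened. The following Python script is an added example, not code from the Malwarebytes report; it builds a minimal .docx in memory with a constructed external attached-template relationship and shows a defender-side check that flags it while leaving a local template reference alone. The host template-host.example and the helper names build_docx and find_remote_templates are assumptions of the example.

```python
"""Flag .docx files whose attached template is fetched from a remote URL.

Added example (not from the report). The sample documents are constructed
in memory; the URL template-host.example is a placeholder.
"""
from __future__ import annotations

import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by OOXML package relationships and WordprocessingML settings.
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
ATTACHED_TEMPLATE_TYPE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)


def find_remote_templates(docx_bytes: bytes) -> list[str]:
    """Return external http(s) URLs that word/settings.xml binds as attached templates."""
    hits: list[str] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        names = set(z.namelist())
        if "word/settings.xml" not in names or "word/_rels/settings.xml.rels" not in names:
            return hits  # no settings relationships, nothing to resolve
        settings = ET.fromstring(z.read("word/settings.xml"))
        rels = ET.fromstring(z.read("word/_rels/settings.xml.rels"))

    # r:id values that <w:attachedTemplate> points at inside settings.xml
    template_ids = {el.get(f"{{{R_NS}}}id") for el in settings.iter(f"{{{W_NS}}}attachedTemplate")}

    for rel in rels.iter(f"{{{REL_NS}}}Relationship"):
        is_template = rel.get("Type") == ATTACHED_TEMPLATE_TYPE or rel.get("Id") in template_ids
        is_external = rel.get("TargetMode", "").lower() == "external"
        target = rel.get("Target", "")
        if is_template and is_external and target.lower().startswith(("http://", "https://")):
            hits.append(target)
    return hits


def build_docx(template_target: str | None, external: bool = True) -> bytes:
    """Construct a minimal .docx (constructed sample, not a real document).

    template_target=None produces a document with no attached template;
    external=False produces a local template reference such as Normal.dotm.
    """
    settings = f'<w:settings xmlns:w="{W_NS}" xmlns:r="{R_NS}">'
    if template_target:
        settings += '<w:attachedTemplate r:id="rId1"/>'
    settings += "</w:settings>"

    rels = f'<Relationships xmlns="{REL_NS}">'
    if template_target:
        mode = ' TargetMode="External"' if external else ""
        rels += (
            f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE_TYPE}" '
            f'Target="{template_target}"{mode}/>'
        )
    rels += "</Relationships>"

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", f'<w:document xmlns:w="{W_NS}"/>')
        z.writestr("word/settings.xml", settings)
        z.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


# Constructed samples: one remote template, one local template, one with none.
SUSPICIOUS = build_docx("http://template-host.example/tpl.dotm")
LOCAL_TEMPLATE = build_docx("Normal.dotm", external=False)
BENIGN = build_docx(None)

if __name__ == "__main__":
    for label, doc in (("suspicious", SUSPICIOUS), ("local", LOCAL_TEMPLATE), ("benign", BENIGN)):
        print(label, find_remote_templates(doc))
```

The check keys on the combination that matters for this technique, an attached-template relationship with TargetMode="External" and an http(s) target, so ordinary documents that reference a local .dotm are not flagged. On a mail gateway or sandbox the same function can be run over every attachment that is a ZIP container before the document ever reaches Word.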
The analysts found that the exploitation of CVE-2021-26411 resembled an attack launched by the Lazarus APT.
According to the report, the attackers combined social engineering and the exploit in order to increase their chances of infecting victims.
Malwarebytes was not able to attribute the attack to a specific actor, but said that a decoy document displayed to victims contained a statement from a group associated with a figure named Andrey Sergeevich Portyko, who allegedly opposes Russian President Vladimir Putin's policies on the Crimean Peninsula.
Jazi explained that the decoy document is loaded after the remote templates are loaded. The document is in Russian but is also translated into English.
The attack also features a VBA RAT that collects victim information, identifies the AV product running on the victim's machine, executes shellcode, deletes files, uploads and downloads files, and reads disk and file system information.
Jazi noted that instead of using well-known API calls for shellcode execution, which can easily get flagged by AV products, the threat actor used the less common EnumWindows callback to execute its shellcode.
also applies to Doctor Fauci
2 hours ago
So he basically says the vaccine doesn’t work for the delta variant, but the blame is on the people who won’t get the vaccine (which doesn’t work). He must think we’re complete idiots at this point.
19 minutes ago
You have to take into account that there is literally brain dead sick people everywhere who still worship and follow this crap.
coming soon to Romenistan:
The CDC again recommends wearing masks indoors, even for the vaccinated. US states without mask mandates had fewer Covid cases than those with them. Fauci's contradictions.
BOMBSHELL: CDC drops the RT-PCR diagnostic method
An exceptional editorial by Tucker Carlson, from Fox News
Some additional details wouldn't hurt. Publicly or in private.
Program name, vendor, download link if it (still) exists, etc.
Software licensing is, in general, a sensitive matter for software developers. Some use technologies made by others to license their own products, some rely on their own ingenuity/creativity.
It depends a lot on whether the purchased license is (or was) tied to a specific hardware platform (hardware ID, HDD serial ...), whether a response is expected from an online server, etc.
There are so many licensing methods that without additional details I don't think we can come up with the saving solution. A solution which may exist ... or not.
There isn't much you can do if the program's functionality doesn't allow license activation. You can try setting the clock back a few years, but there's little chance it will work (you set it back afterwards). Wouldn't a newer version of the program do the job? Maybe you can talk to the vendor to give you a new one.