Author: cnladmin

  • Magnibar Ransomware Abusing MoTW Zero Day

    Brief Summary MOTW was originally an Internet Explorer security feature. It broadened out into a way for your Windows devices to raise a warning when interacting with files downloaded from a URL. Over time, it even contributed to preventing certain types of files from running. If you open a file flagged with MOTW, at the bare […]

  • Qakbot Malware Campaign Using Google Drive Phishing Lure For Spreading

    Executive Summary Technical Analysis HTML Smuggling With Google Drive Phishing Lure During our research we observed multiple Qakbot malware samples using a Google Drive phishing lure to trick victims. This technique is used in the delivery mechanism. With HTML smuggling in action, it drops a ZIP archive that contains a malicious ISO image. Decoy Shortcut […]

  • Threat Brief ProxyNotShell (CVE-2022-41040 and CVE-2022-41082)

    Executive Summary In August 2022, the Vietnamese cybersecurity company GTSC discovered new Microsoft Exchange zero-day vulnerabilities that can cause Remote Code Execution (RCE) when triggered on a victim server; they were named ProxyNotShell. Exploitation of the ProxyNotShell 0day vulnerabilities is very similar to ProxyShell (CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207). The 0day vulnerabilities were assigned […]

  • Bumblebee Loader Infection Through Specially Crafted VHD Disk

    In this report we share our detailed analysis of the recent Bumblebee Loader campaign that uses a VHD disk instead of ISO images, together with a new PowerShell loader. According to our research, Bumblebee Loader uses a decoy LNK file as the first malware execution point; when a user clicks on the LNK file it executes […]