Growing Number of Threats Leveraging AI

July 25, 2024, 1:27 p.m.

Description

Symantec has observed a rise in attacks using Large Language Models (LLMs) to generate malicious code for delivering payloads like Rhadamanthys, NetSupport, CleanUpLoader, ModiLoader, LokiBot, and Dunihi. The campaigns involve phishing emails with attachments that execute LLM-generated scripts to deploy malware. Threat actors leverage AI's capabilities to craft convincing lures and sophisticated malicious code efficiently. As AI advances, attacks will become more sophisticated and widespread, making robust protection crucial.

Date

Published: July 25, 2024, 1:10 p.m.
Created: July 25, 2024, 1:10 p.m.
Modified: July 25, 2024, 1:27 p.m.

Indicators

Attack Patterns

Dunihi

CleanUpLoader

ModiLoader

Lokibot - S0447

NetSupport

Rhadamanthys