Growing Number of Threats Leveraging AI

July 25, 2024, 1:27 p.m.

Description

Symantec has observed a rise in attacks using Large Language Models (LLMs) to generate malicious code for delivering payloads like Rhadamanthys, NetSupport, CleanUpLoader, ModiLoader, LokiBot, and Dunihi. The campaigns involve phishing emails with attachments that execute LLM-generated scripts to deploy malware. Threat actors leverage AI's capabilities to craft convincing lures and sophisticated malicious code efficiently. As AI advances, attacks will become more sophisticated and widespread, making robust protection crucial.

External References

https://symantec-enterprise-blogs.security.com/threat-intelligence/malware-ai-llm
https://otx.alienvault.com/pulse/66a24ec0c13b3affba526176
Tags
ai
2024-07-25
llm

Date

  • Created: July 25, 2024, 1:10 p.m.
  • Published: July 25, 2024, 1:10 p.m.
  • Modified: July 25, 2024, 1:27 p.m.

Indicators

  • f5fc667d818a26fbb5c04657b131d86af1746a349ceb9d6e441d24c8673393b2
  • fa0fee451b2dd9c532189705177457d0982e1f27f11e3e2b0b31b9ece654ff4c
  • f1cfc6e55777a62a1b269901793550ce8d0126d1035c5bebf5c8145a83ef842b
  • f06d83ce130bae96ebfde9adddd0ff1245febf768e6d984b69816b252808ba0c
  • eb8a22036655f0eb19924868031d3cdd273630b167a5fec72b3c98fe887ca9c6
  • dc6c5b4abb65c8e5169f96a65d0a225c91ad2a58e13ecaba5b3ff29d07a4660b
  • d38a62a73a9fe1ed0ce7f6902e52d90a056374123d6ecf4d5ff9a01008e922cb
  • d05032ca22352ba77ce67a2975a33a5a3a7170705817fe4305b162f7e4e7065b
  • cd003f5ce0dde74b9793685c549a6883b405fca4d533f27fbb050199a2339a28
  • cad698049830745ba6685b5d571def86fa77d046d2403a7c48ed8d0258314093
  • c8032306ab5c5bf09c38bd05a2f41bb4dce98a56df0570c6a58f116127e0532d
  • c7d1dc81bb9cc86dd129ac414e8805dddbfff23d347e5f3349d5d59f4172f3ba
  • c645fd15dda1aa3d5554b847e1d243493ea22f81faf3d1f883100a4b51438b27
  • bf0b4c933b9ef188a9073d68d955add8cbe8398f3ec2e04ce285d45c8183c033
  • bcdb4f1af705889ace73e8a0c8626bc6b615393a4c4f28ea00e5a51eb6e541d9
  • bc824a97e877ef38d5d14e0d51433f3890873b58b710c0e5d41a4638a1a3faf4
  • bb932056cae8940742e50b4f2b994a802e703f7bc235e7dd647d085ae2b2baf7
  • bac7079571fa4fa2e3543fd4edfb5144ec4ff9046065c7f11cb8c9552117d138
  • ba325f828378c1733044f3022d73d770e2a8e81aeb01605b13866de7e722075d
  • b6aada8476838cd39efd5a3681f50eceb0938bbcdecd3712fdb81394ed2922bb
  • b1d48ca54efb57b9bd626420391fbbc638c9f4271f009dfb31b28c33b76a4228
  • a2c1b716d20b61bc4c57748e1ec195fbac2c5b143cf960d0ffee895160d4b0db
  • a1739e001e0720341f14466231a21bd12a74485dab59b0f4fde7f931467cb4b2
  • 9bd692bc32e13185232e95ff7693d0039b5c5c563323982bfab34a5d1e0379ae
  • 948d0d1fabbd858c13c387737ef833beb982141cfc2e2d0e26024918eb0af479
  • 9160a5f4db292a50baed109bff1c94738418fb8e6d729d7fc4a7841db06f8f3e
  • 5077eee9d9933e1db4b311b893a8f3583ca9f0d9f6db33938a67bf5054133aa8
  • 4fb58687a364c3f6d6f7e0ca03654f9dec0f8832a499d61d40b0d424db1b1b14
  • 44b3095a86f2091ccb9b52b9ecf995bc5b9e2294eb9e38d90e9fd743567f5f22
  • 4153f2ce9cd956b29a1d1f21669932596fd1564863f65782d1eea4e06e8623f7
  • 3a88fcb26f7a6be68b65ab18d8358365e9a4fd7d4c0ef8fc581771ccfb746271
  • 30dd8cbba98f2e4cbb8d8d85a7a9ac97b0157a77c83d9b8deab50c2225c0cb22
  • 2ae6737d691bff402fc50a29eddcbe9fd0b0c18250776435f61ce70f3c9481cd
  • 29f8b50f737feef9ec7439780daead395bf2bf278a4540ddffe64ca70aa9f462
  • 121e900d1efc6d9e537471360848b333bfbbb7e08ecadb1d75897882ce2dcb20
  • 0a90fade657a0c0ac73d4e085e168aa8515994700a12612d1c20cb00ed15a0ca
  • c398b3e06ef860670b9597daed85632834fa961aea87164b8ba8bb2f094a14ef
Download all indicators here!

Attack Patterns

  • Dunihi
  • CleanUpLoader
  • ModiLoader
  • Lokibot - S0447
  • NetSupport
  • Rhadamanthys