Update: CVE-2024-4577 quickly weaponized to distribute Ransomware

June 11, 2024, 10:31 a.m.


The report describes an attack campaign leveraging the CVE-2024-4577 vulnerability to deliver the "TellYouThePass" ransomware. The attackers use the vulnerability to execute arbitrary PHP code and run a malicious HTML application that loads a .NET variant of the ransomware into memory. Upon execution, the ransomware contacts a command-and-control server, enumerates directories, terminates processes, encrypts files, and leaves a ransom note.


Published Created Modified
June 11, 2024, 10:13 a.m. June 11, 2024, 10:13 a.m. June 11, 2024, 10:31 a.m.


Attack Patterns