Update: CVE-2024-4577 quickly weaponized to distribute Ransomware

June 11, 2024, 10:31 a.m.

Description

The report describes an attack campaign leveraging the CVE-2024-4577 vulnerability to deliver the "TellYouThePass" ransomware. The attackers use the vulnerability to execute arbitrary PHP code and run a malicious HTML application that loads a .NET variant of the ransomware into memory. Upon execution, the ransomware contacts a command-and-control server, enumerates directories, terminates processes, encrypts files, and leaves a ransom note.

Date

Published: June 11, 2024, 10:13 a.m.
Created: June 11, 2024, 10:13 a.m.
Modified: June 11, 2024, 10:31 a.m.

Indicators


Attack Patterns

TellYouThePass

T1567.002

T1059.005

T1059.003

T1059.001

T1547.001

T1497

T1204.002

T1489

T1486

T1083

T1027

CVE-2024-3577

CVE-2023-22524

CVE-2024-4577

CVE-2023-46604

CVE-2021-44228