Windows Defender ya yi kutse don tura wannan haɗari na ransomware

Yanzu ana amfani da raunin Log4j don tura tashoshi na Cobalt Strike ta hanyar kayan aikin layin umarni na Windows Defender, masu bincike sun gano.

Masu binciken tsaro ta yanar gizo daga Sentinel Labs kwanan nan sun hango wata sabuwar hanya, wanda wani ɗan wasan barazanar da ba a san shi ya yi aiki ba, tare da ƙarshen wasan shine tura LockBit 3.0 ransomware.

Yana aiki kamar haka: ɗan wasan barazanar zai yi amfani da log4shell (kamar yadda ake yiwa Log4j sifili-rana) don samun damar zuwa ƙarshen maƙasudi, da samun gatan mai amfani da suka dace. Da zarar hakan ya fita, za su yi amfani da PowerShell don zazzage fayiloli daban-daban guda uku: Fayil mai amfani na Windows CL (tsabta), fayil ɗin DLL (mpclient.dll), da fayil ɗin LOG (ainihin tambarin Cobalt Strike).

Cobalt Strike mai ɗaukar gefe

Daga nan za su gudanar da MpCmdRun.exe, mai amfani da layin umarni wanda ke yin ayyuka daban-daban na Microsoft Defender. Wannan shirin yawanci yana loda halaltaccen fayil na DLL - mpclient.dll, wanda yake buƙatar gudanar da shi daidai. Amma a cikin wannan misali, shirin zai ɗora nauyin DLL mai cutarwa mai suna iri ɗaya, wanda aka sauke tare da shirin.

Wannan DLL zai sami nauyin fayil ɗin LOG kuma ya ɓoye ɓoyayyen kayan aikin Cobalt Strike.

Hanya ce da aka sani da lodin gefe.

Yawancin lokaci, wannan haɗin gwiwar LockBit ya yi amfani da kayan aikin layin umarni na VMware don ɗaukar tashoshi na Cobalt Strike, BleepingComputer ya ce, don haka sauyawa zuwa Windows Defender ya ɗan bambanta. Littafin ya yi hasashen canjin da aka yi don ketare kariyar da VMware ya gabatar kwanan nan. Har yanzu, yin amfani da kayan aikin rayuwa-ba-da-kasa don gujewa gano ta riga-kafi (yana buɗewa a sabon shafin) ko malware (yana buɗewa a sabon shafin) sabis na kariya ya kasance "na kowa" a kwanakin nan, littafin ya ƙare, yana mai kira ga 'yan kasuwa da su bincika matakan tsaro kuma su yi taka tsantsan tare da bin diddigin yadda ake amfani da halalcin zartarwa (ab).

Ko da yake Cobalt Strike shine ingantaccen kayan aiki, ana amfani da shi don gwajin shiga, ya yi girma sosai saboda masu yin barazana a ko'ina suke cin zarafi. Ya zo tare da ɗimbin fasalulluka waɗanda masu aikata laifukan yanar gizo za su iya amfani da su don zayyana hanyar sadarwar da aka yi niyya, ba a gano su ba, da kuma motsawa ta gefe a cikin wuraren ƙarshe, yayin da suke shirin satar bayanai da tura kayan fansa.

via: BleepingComputer (yana buɗewa a sabon shafin)

source

Rubutu na gaba

Windows Defender ya yi kutse don tura wannan haɗari na ransomware

Dole ne a sami software a cikin 2024

Manyan Kategorien

Latest reviews

Samsung Galaxy Z Flip 5 Teaser Bidiyo, Gaban taron da ba a cika fakitin Galaxy ba, Yana Nuna Sabon Tsarin Hinge, Zaɓuɓɓukan Launi

Twitter yana iyakance adadin DM masu amfani da ba a tantance ba za su iya aikawa

Wayar Android da na fi so na iya yin abubuwan da iPhone 14 Pro Max ba za su iya ba

Ana ƙaddamar da ChatGPT don Android mako mai zuwa, kuma za ku iya riga-ka yi rajista yanzu

Xiaomi Smart TV 32A, Smart TV 40A, Smart TV 43A Tare da Google TV, An ƙaddamar da masu magana da 20W a Indiya: Farashin, Ƙayyadaddun bayanai

Wannan baturi da ake ci zai iya ƙarfafa duniyar bincike da kuzari mai dorewa