Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: Spamvertized Github Powershell Malicious Software Executing Campaign Spotted in the Wild – OWASP Jakarta


Dear blog readers,

I’ve recently intercepted a currently circulating spamvertised campaign enticing users into interacting with a PowerShell script, ultimately tricking them into downloading and executing malicious software on their hosts.

Upon execution, the sample downloads and drops additional malicious software.

Primary URL: hxxp://github-scanner.com

Sample download location: hxxp://github-scanner.com/l6E.exe

MD5: fac2188e4a28a0cf32bf4417d797b0f8

Once executed, the sample phones back to:

hxxp://eemmbryequo.shop/api – 172.67.142.26

hxxp://2x.si/ta2.exe – 104.21.27.222 – MD5: 8199c105289d70af5446c7fd64496d7b

Once executed, the second sample phones back to:

20.99.186.246

23.216.81.152

45.11.229.96

52.185.73.156 
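A sweep of web-proxy logs for the indicators listed above, added here as an example and not part of the original post. The five-field log format, the sample lines and the function names are assumptions, as is the choice to report IP-only matches separately from host matches, since one address can serve more than one site.

```python
from urllib.parse import urlsplit

# Indicators copied from the post, kept defanged (hxxp) in source.
DEFANGED_URLS = [
    "hxxp://github-scanner.com",
    "hxxp://github-scanner.com/l6E.exe",
    "hxxp://eemmbryequo.shop/api",
    "hxxp://2x.si/ta2.exe",
]
IOC_IPS = {"172.67.142.26", "104.21.27.222", "20.99.186.246",
           "23.216.81.152", "45.11.229.96", "52.185.73.156"}

def refang(value):
    """Undo hxxp / [.] defanging, in memory only, so URLs can be parsed."""
    return value.replace("hxxp", "http", 1).replace("[.]", ".")

IOC_HOSTS = {urlsplit(refang(u)).hostname for u in DEFANGED_URLS}

def host_matches(host):
    """Return the listed domain that host equals or is a subdomain of."""
    host = (host or "").lower().rstrip(".")
    for ioc in IOC_HOSTS:
        # Suffix match on a label boundary, so lookalikes such as
        # github-scanner.com.example.org do not produce a hit.
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None

def sweep(lines):
    """Return (client, kind, indicator) for each line touching an indicator.
    Assumed line format: timestamp client_ip method url dest_ip"""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip truncated or malformed lines
        _ts, client, _method, url, dest_ip = parts
        ioc = host_matches(urlsplit(url).hostname)
        if ioc:
            hits.append((client, "host", ioc))
        elif dest_ip in IOC_IPS:
            hits.append((client, "ip", dest_ip))  # lower confidence
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2024-09-20T10:01:02Z 10.0.0.5 GET http://github-scanner.com/l6E.exe 203.0.113.10",
    "2024-09-20T10:01:09Z 10.0.0.5 POST http://EEMMBRYEQUO.shop/api 172.67.142.26",
    "2024-09-20T10:02:00Z 10.0.0.7 GET http://github-scanner.com.example.org/ 198.51.100.4",
    "2024-09-20T10:03:00Z 10.0.0.8 GET http://example.net/ 45.11.229.96",
    "truncated line",
]
```
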


https://ddanchev.blogspot.com/2024/09/spamvertized-github-powershell.html




