BTC $57054.0562
ETH $3243.0497
BNB $394.9600
SOL $108.4177
XRP $0.5865
stETH $3239.3493
ADA $0.6239
AVAX $39.2702
DOGE $0.0977
TRX $0.1428
wstETH $3750.7519
DOT $8.3691
LINK $19.0300
WETH $3348.6813
MATIC $1.0282
UNI $10.8579
WBTC $56903.9273
IMX $3.3452
ICP $13.0217
BCH $292.5040
LTC $74.0124
CAKE $3.1570
ETC $28.0992
LEO $4.3640
FIL $7.6578
KAS $0.1689
RNDR $7.2011
DAI $1.0000
ATOM $11.2097
HBAR $0.1082
INJ $40.1071
VET $0.0489
TON $2.1280
OKB $51.4855
FDUSD $0.9985
LDO $3.4670
STX $2.9465
XMR $135.8398
XLM $0.1230
ARB $1.8948
NEAR $3.9608
TIA $17.0031
WEMIX $2.3756
GRT $0.2795
ENS $22.1963
MKR $2154.9330
APEX $2.3329
BTC $57054.0562
ETH $3243.0497
BNB $394.9600
SOL $108.4177
XRP $0.5865
stETH $3239.3493
ADA $0.6239
AVAX $39.2702
DOGE $0.0977
TRX $0.1428
wstETH $3750.7519
DOT $8.3691
LINK $19.0300
WETH $3348.6813
MATIC $1.0282
UNI $10.8579
WBTC $56903.9273
IMX $3.3452
ICP $13.0217
BCH $292.5040
LTC $74.0124
CAKE $3.1570
ETC $28.0992
LEO $4.3640
FIL $7.6578
KAS $0.1689
RNDR $7.2011
DAI $1.0000
ATOM $11.2097
HBAR $0.1082
INJ $40.1071
VET $0.0489
TON $2.1280
OKB $51.4855
FDUSD $0.9985
LDO $3.4670
STX $2.9465
XMR $135.8398
XLM $0.1230
ARB $1.8948
NEAR $3.9608
TIA $17.0031
WEMIX $2.3756
GRT $0.2795
ENS $22.1963
MKR $2154.9330
APEX $2.3329
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Vulnerable Microsoft IIS Servers Became a Spying Tool for Lazarus Group Hackers

    The attacks used an outdated Notepad++ plugin to deliver malware.

    The AhnLab Security Emergency Response Center (ASEC) reports that North Korean hacker group Lazarus Group is targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers to deploy malware on target systems.

    According to AhnLab Securit, the group uses DLL Sideloading to launch arbitrary payloads. Hackers place a malicious DLL (msvcr100.dll) in the same folder path as a normal application (Wordconv.exe) through the Windows IIS web server process, w3wp.exe. The attackers then launch a normal application to initiate the execution of the malicious DLL.

    The malicious library "msvcr100.dll" is designed to decrypt encoded payloads, which are then executed in memory. The malware is said to be a variant that was discovered by ASEC last year and acted as a backdoor to communicate with the C2 server.

    The chain of attacks also involved the use of an open source Notepad++ plugin called Quick Color Picker, which is now deprecated, to deliver additional malware to facilitate credential theft and lateral movement.

    The latest development demonstrates the variety of Lazarus attacks and the group's ability to use a wide range of tools for long-term espionage operations.

    Author DeepWeb
    Brave's new browser feature deletes all data about you after closing a tab
    Smartphone as a hostage: how not to fall for the new ransomware Trojan

    Comments 0

    Add comment