Bitdefender Labs reports new BellaCiao malware

    Researchers at Bitdefender Labs have found that Charming Kitten, an Iran-aligned APT group, is targeting victims in the US, Europe, the Middle East and India with a new malware family dubbed BellaCiao.

    BellaCiao is a "personalized dropper": it delivers additional payloads to the victim machine based on instructions from a command-and-control (C2) server. According to Bitdefender Labs, every sample recovered was tied to a specific victim and contained hard-coded details such as the company name, purpose-built subdomains, or the victim's public IP address.

    Tailored malware of this kind is generally harder to detect: each sample contains unique code, so signatures derived from one victim's sample do not carry over to the next, and the builds are deliberately shaped to evade detection.

    The initial access vector has not been confirmed, but exploitation of known vulnerabilities in Microsoft Exchange Server or Zoho ManageEngine web applications is the leading explanation for how the systems were breached.

    After gaining access, the attackers attempt to disable Microsoft Defender with a PowerShell command and establish persistence on the host by registering a service. They also deploy two Internet Information Services (IIS) modules that can process incoming instructions and harvest credentials.
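    To make those three post-exploitation behaviours concrete, here is an added triage example, written for this page and not code from Bitdefender or from the malware, that runs simple detection rules over a handful of constructed host events. The event schema, the host names, the service and module names, the file paths and the exact PowerShell switches are all assumptions for illustration; the article itself does not name the command used against Defender or say how the IIS modules were installed.

```python
import re

# Constructed host events in a simplified Sysmon/Security-log-like shape.
# id 1 = process creation, id 7045 = new service installed (assumed schema).
EVENTS = [
    {"id": 1, "host": "EXCH01",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"id": 1, "host": "EXCH01",
     "image": r"C:\Windows\System32\inetsrv\appcmd.exe",
     "cmdline": r'appcmd.exe install module /name:"CacheMon" /image:"C:\inetpub\temp\cachemon.dll"'},
    {"id": 7045, "host": "EXCH01",
     "service": "Microsoft Exchange Services Health",
     "image_path": r"C:\ProgramData\Microsoft\DotNet\svc.exe"},
    {"id": 7045, "host": "EXCH01",
     "service": "MSSQL$SQLEXPRESS",
     "image_path": r"C:\Program Files\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQL\Binn\sqlservr.exe"},
    {"id": 1, "host": "WS07",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe Get-MpComputerStatus"},
]

# Rule 1: PowerShell switching Defender features off or adding exclusions.
# Set-MpPreference / Add-MpPreference are the real cmdlets; which switches the
# BellaCiao operators used is not stated on the page, so this is an assumption.
DEFENDER_TAMPER = re.compile(
    r"Set-MpPreference\s.*-Disable\w+|Add-MpPreference\s.*-Exclusion\w+", re.I)

# Rule 2: a native IIS module registered from the command line
# (appcmd "install module" / "add module"); assumed installation method.
IIS_MODULE_REG = re.compile(r"appcmd(\.exe)?\s+(install|add)\s+module", re.I)

# Rule 3: a freshly installed service whose binary lives outside the usual
# system locations (ProgramData, Temp, user profiles and the like).
TRUSTED_SERVICE_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")


def triage(events):
    """Return (host, rule, evidence) tuples for every event matching a rule."""
    findings = []
    for ev in events:
        if ev["id"] == 1:
            cmd = ev["cmdline"]
            if DEFENDER_TAMPER.search(cmd):
                findings.append((ev["host"], "defender_tampering", cmd))
            if IIS_MODULE_REG.search(cmd):
                findings.append((ev["host"], "iis_module_registered", cmd))
        elif ev["id"] == 7045:
            path = ev["image_path"].lower()
            if not path.startswith(TRUSTED_SERVICE_DIRS):
                findings.append((ev["host"], "service_from_untrusted_path", ev["image_path"]))
    return findings


if __name__ == "__main__":
    for host, rule, evidence in triage(EVENTS):
        print(f"{host}: {rule}: {evidence}")
```

    In practice these rules would be fed from Sysmon process-creation events, the System log's service-install events and PowerShell script block logging, and they are starting points rather than a complete detection: Defender can also be weakened through the registry or Group Policy, and a service can be created with sc.exe without ever touching PowerShell.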

    What makes BellaCiao notable is its command channel. Every 24 hours it issues a DNS query for its victim-specific subdomain and parses the resolved IP address to extract the instruction it should execute.

    The query is answered by a DNS server under the attackers' control, which returns a crafted IP address that mimics the victim's real public IP address (itself hard-coded in the sample). The difference between the returned address and the expected one carries the instruction, so follow-on payloads are selected from logic already built into the dropper rather than fetched through a conventional download. Because the whole exchange is a single A-record lookup per day with no payload in the response, it generates very little for network monitoring to notice. Depending on the returned IP address, the chain ends with the deployment of a web shell that can upload and download arbitrary files and execute commands.
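    The following is an added example, not code from Bitdefender or from the malware, that models the DNS tasking channel described above from both sides: a decoder that turns a mimicking DNS answer into an action, and two resolver-log heuristics a defender could use to spot the channel. The instruction encoding (a shift in the last octet relative to the hard-coded public IP), the subdomain, the addresses, the organization's prefix and domains, and the log format of the constructed records are all assumptions; the page says only that the answer mimics the victim's real IP and is parsed for commands.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical per-victim values standing in for what the report says is
# hard-coded into each BellaCiao sample (TEST-NET-3 address, .invalid names).
VICTIM_PUBLIC_IP = ipaddress.IPv4Address("203.0.113.45")
TASKING_SUBDOMAIN = "mail-acme.example-c2.invalid"

# Hypothetical instruction encoding: the answer keeps the first three octets
# of the victim's real public IP and shifts the last one. The page only says
# the returned address "mimics" the real one; the actual scheme is not given.
ACTIONS = {0: "sleep", 1: "deploy_webshell", 2: "deploy_plink_reverse_proxy", 3: "uninstall"}


def decode_tasking(resolved_ip, expected_ip=VICTIM_PUBLIC_IP):
    """Map a DNS answer to an action by comparing it with the hard-coded IP."""
    resolved = ipaddress.IPv4Address(resolved_ip)
    if resolved.packed[:3] != expected_ip.packed[:3]:
        return "ignore"  # does not follow the mimicry pattern: treat as noise
    delta = (resolved.packed[3] - expected_ip.packed[3]) % 256
    return ACTIONS.get(delta, "unknown")


# --- defender side: two heuristics over resolver logs ----------------------

ORG_PUBLIC_PREFIX = ipaddress.ip_network("203.0.113.0/24")  # constructed
ORG_DOMAINS = ("acme-corp.invalid",)                         # constructed

# Constructed resolver log lines: "<ISO timestamp> <client> <qname> <answer>".
DNS_LOG = """\
2023-04-20T03:12:07Z 10.0.5.21 mail-acme.example-c2.invalid 203.0.113.46
2023-04-20T09:00:00Z 10.0.5.21 updates.example.com 198.51.100.7
2023-04-21T03:12:09Z 10.0.5.21 mail-acme.example-c2.invalid 203.0.113.47
2023-04-21T11:30:00Z 10.0.5.30 vpn.acme-corp.invalid 203.0.113.10
2023-04-22T03:12:11Z 10.0.5.21 mail-acme.example-c2.invalid 203.0.113.45
"""


def parse_dns_log(text):
    """Parse the constructed log format into (timestamp, client, qname, answer)."""
    records = []
    for line in text.splitlines():
        ts, client, qname, answer = line.split()
        records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                        client, qname, ipaddress.ip_address(answer)))
    return records


def find_self_mimicking_answers(records):
    """Rule 1: a name the organization does not own resolving into its own
    public prefix. A benign external service has no reason to answer with
    the victim's own address space; this channel does so by design."""
    return [(client, qname, str(answer))
            for _, client, qname, answer in records
            if answer in ORG_PUBLIC_PREFIX and not qname.endswith(ORG_DOMAINS)]


def find_daily_beacons(records, period=timedelta(hours=24),
                       tolerance=timedelta(minutes=10), min_hits=3):
    """Rule 2: the same client resolving the same name on a ~24h cadence."""
    by_key = defaultdict(list)
    for ts, client, qname, _ in records:
        by_key[(client, qname)].append(ts)
    beacons = []
    for key, stamps in by_key.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_hits and all(abs(g - period) <= tolerance for g in gaps):
            beacons.append(key)
    return beacons


if __name__ == "__main__":
    records = parse_dns_log(DNS_LOG)
    for client, qname, answer in find_self_mimicking_answers(records):
        print(f"{client} resolved {qname} -> {answer}: action {decode_tasking(answer)}")
    print("daily beacons:", find_daily_beacons(records))
```

    Rule 1 needs an accurate list of the organization's public prefixes and owned domains to avoid flagging its own split-horizon names; rule 2 has to run over several days of logs and will also surface legitimate daily jobs, so treat it as a hunting lead to be joined with rule 1 rather than a standalone alert.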

    A second variant of BellaCiao replaces the web shell with Plink, the command-line connection tool from the PuTTY suite, which it uses to establish a reverse proxy connection to a remote server and provide backdoor functionality.

    In a campaign spanning multiple industries and companies, the BellaCiao dropper is built and deployed against carefully selected victims after indiscriminate exploitation of vulnerable systems. The Charming Kitten attacks observed are particularly effective against poorly maintained systems with outdated software or weak passwords, and against small companies that lack detection and response capabilities.

    Author DeepWeb