BTC $70823.7516
ETH $3531.0259
BNB $621.2790
SOL $172.6448
stETH $3527.9907
XRP $0.6083
DOGE $0.1997
TON $7.2456
ADA $0.5853
AVAX $46.2175
wstETH $4100.4456
DOT $8.4402
BCH $607.1354
WETH $3536.6758
WBTC $70909.4458
TRX $0.1219
LINK $17.6560
MATIC $0.8809
UNI $9.0821
ICP $15.6959
LTC $97.8636
CAKE $3.7041
DAI $0.9996
IMX $2.5675
ETC $33.6641
RNDR $9.1096
FIL $8.1342
STX $2.9994
MNT $1.2895
NEAR $6.8343
TAO $615.5692
VET $0.0503
ATOM $10.8915
HBAR $0.0996
OKB $56.9032
FDUSD $1.0028
WIF $3.3890
KAS $0.1440
MKR $3344.9389
PEPE $0.0000
GRT $0.3114
THETA $2.8807
INJ $31.7467
FET $2.5067
XLM $0.1297
XMR $134.0517
USDE $1.0001
BTC $70823.7516
ETH $3531.0259
BNB $621.2790
SOL $172.6448
stETH $3527.9907
XRP $0.6083
DOGE $0.1997
TON $7.2456
ADA $0.5853
AVAX $46.2175
wstETH $4100.4456
DOT $8.4402
BCH $607.1354
WETH $3536.6758
WBTC $70909.4458
TRX $0.1219
LINK $17.6560
MATIC $0.8809
UNI $9.0821
ICP $15.6959
LTC $97.8636
CAKE $3.7041
DAI $0.9996
IMX $2.5675
ETC $33.6641
RNDR $9.1096
FIL $8.1342
STX $2.9994
MNT $1.2895
NEAR $6.8343
TAO $615.5692
VET $0.0503
ATOM $10.8915
HBAR $0.0996
OKB $56.9032
FDUSD $1.0028
WIF $3.3890
KAS $0.1440
MKR $3344.9389
PEPE $0.0000
GRT $0.3114
THETA $2.8807
INJ $31.7467
FET $2.5067
XLM $0.1297
XMR $134.0517
USDE $1.0001
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Vulnerable Microsoft IIS Servers Became a Spying Tool for Lazarus Group Hackers

    The attacks used an outdated Notepad++ plugin to deliver malware.

    The AhnLab Security Emergency Response Center (ASEC) reports that North Korean hacker group Lazarus Group is targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers to deploy malware on target systems.

    According to AhnLab Securit, the group uses DLL Sideloading to launch arbitrary payloads. Hackers place a malicious DLL (msvcr100.dll) in the same folder path as a normal application (Wordconv.exe) through the Windows IIS web server process, w3wp.exe. The attackers then launch a normal application to initiate the execution of the malicious DLL.

    The malicious library "msvcr100.dll" is designed to decrypt encoded payloads, which are then executed in memory. The malware is said to be a variant that was discovered by ASEC last year and acted as a backdoor to communicate with the C2 server.

    The chain of attacks also involved the use of an open source Notepad++ plugin called Quick Color Picker, which is now deprecated, to deliver additional malware to facilitate credential theft and lateral movement.

    The latest development demonstrates the variety of Lazarus attacks and the group's ability to use a wide range of tools for long-term espionage operations.

    Author DeepWeb
    Brave's new browser feature deletes all data about you after closing a tab
    Smartphone as a hostage: how not to fall for the new ransomware Trojan

    Comments 0

    Add comment