Truebot exploits vulnerability in Netwrix to deploy Clop Ransomware

Threat Level
Attack Report

Summary

In 2017, Truebot was discovered to be linked to the Silence group. It has affected more than 1,500 systems worldwide with shellcode, Cobalt Strike beacons, Grace malware, the Teleport tool, and Clop ransomware. A recent study has linked it to TA505.

Two different Truebot botnets were discovered recently: one is distributed worldwide, with a specific focus on Mexico, Pakistan, and Brazil, while the other is focused on the US. Recent attacks have used the Raspberry Robin worm and exploited a now-patched vulnerability in Netwrix Auditor to deliver malware.