Visit us at GITEX 2023 to witness the power of Hive Pro TEM Platform: Schedule a Meeting

Truebot exploits vulnerability in Netwrix to deploy Clop Ransomware

Threat Advisories

Truebot exploits vulnerability in Netwrix to deploy Clop Ransomware

Threat Level
Attack Report

For a detailed threat advisory, download the pdf file here

Summary

In 2017, Truebot was discovered to be linked to the Silence group and has affected more than 1,500 systems worldwide with shellcode, Cobalt Strike beacons, Grace malware, the Teleport tool, and Clop ransomware. A recent study has linked it to TA505.

There are two different Truebot botnets discovered recently; one is distributed worldwide, with a specific focus on Mexico, Pakistan, and Brazil, while the other is focused on the US. In recent attacks, the Raspberry Robin worm and a now-patched vulnerability in Netwrix Auditor have been exploited to deliver malware.

Sign up to receive our Weekly Threat Digest