lohaloud.blogg.se

Cobalt strike crack reddit

Details about CVE-2021-40444 (CVSS score: 8.8) first emerged on September 7 after researchers from EXPMON alerted the Windows maker about a "highly sophisticated zero-day attack" aimed at Microsoft Office users by taking advantage of a remote code execution vulnerability in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer that is also used in Office to render web content inside Word, Excel, and PowerPoint documents. "The observed attack vector relies on a malicious ActiveX control that could be loaded by the browser rendering engine using a malicious Office document," the researchers noted.

Microsoft has since rolled out a fix for the vulnerability as part of its Patch Tuesday updates a week later on September 14. The Redmond-based tech giant attributed the activities to related cybercriminal clusters it tracks as DEV-0413 and DEV-0365, the latter of which is the company's moniker for the emerging threat group associated with creating and managing the Cobalt Strike infrastructure used in the attacks. The earliest exploitation attempt by DEV-0413 dates back to August 18. The exploit delivery mechanism originates from emails impersonating contracts and legal agreements hosted on file-sharing sites. Opening the malware-laced document leads to the download of a Cabinet archive file containing a DLL bearing an INF file extension that, when decompressed, leads to the execution of a function within that DLL.














