#magniber — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #magniber, aggregated by home.social.
-
Magniber ransomware targets home users https://www.malwarebytes.com/blog/news/2024/08/magniber-ransomware-targets-home-users #IDRansomware #Ransomware #ransomware #magniber #News
-
#Magniber #ransomware actors used a variant of #Microsoft #SmartScreen #bypass
Financially motivated threat actors used an unpatched security bypass to deliver ransomware without any security warnings
-
Proof of Concept: #Malware Delivery via #appx/#msix packages.
In our test case we needed administrative permissions to install the package with putty.exe as our test payload. We did test it first with a #Wannacry #Ransomware binary, but Windows Defender caught the payload and that didn't look so nice on a screenshot 😅
Our .appx demo package is based off of an in-the-wild sample of #Magniber #Ransomware that was signed with a stolen signature (Jan 2022). With this change in Windows 11 it is now possible to install unsigned appx packages (given required perms).
https://twitter.com/f0wlsec/status/1481338661824307204
Detection opportunities:
- Execution out of C:\Program Files\WindowsApps\
- Looking for the special OID documented by Microsoft here: https://learn.microsoft.com/en-us/windows/msix/package/unsigned-package
We are going to publish our #Yara rules for this tomorrow, stay tuned.