mastodonien.de

nerdculture.de

Timestamp               Users     Delta   Toots        TNR     Title                     Version  maxTL
Mon 05.08.2024 00:00:07     7.218      +1      612.605    84,9 NerdCulture               4.2.10   1.000
Sun 04.08.2024 00:01:08     7.217       0      612.238    84,8 NerdCulture               4.2.10   1.000
Sat 03.08.2024 00:01:10     7.217       0      611.946    84,8 NerdCulture               4.2.10   1.000
Fri 02.08.2024 00:01:14     7.217      -1      611.448    84,7 NerdCulture               4.2.10   1.000
Thu 01.08.2024 00:01:37     7.218      +1      610.940    84,6 NerdCulture               4.2.10   1.000
Wed 31.07.2024 00:00:30     7.217       0      610.506    84,6 NerdCulture               4.2.10   1.000
Tue 30.07.2024 00:00:15     7.217       0      609.945    84,5 NerdCulture               4.2.10   1.000
Mon 29.07.2024 00:00:05     7.217       0      609.394    84,4 NerdCulture               4.2.10   1.000
Sun 28.07.2024 00:00:10     7.217       0      608.998    84,4 NerdCulture               4.2.10   1.000
Sat 27.07.2024 00:00:04     7.217       0      608.530    84,3 NerdCulture               4.2.10   1.000

Mon 05.08.2024 12:21

New Windows Backdoor BITSLOTH exploits BITS for stealthy Communication.

IT-Security researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service (BITS) as a command-and-control (C2) mechanism.

elastic.co/security-labs/bits-

The newly identified malware strain has been codenamed BITSLOTH by Elastic Security Labs, which made the discovery on June 25, 2024.

It's currently not clear who is behind it, although a source code analysis has uncovered logging functions and strings that suggest the authors could be Chinese speakers.


[ImageSource: elastic.co]

Another potential link to China comes from the use of an open-source tool called RingQ. RingQ is used to encrypt the malware and prevent detection by security software; the malware is then decrypted and executed directly in memory.

In June 2024, the AhnLab Security Intelligence Center (ASEC) revealed that vulnerable web servers are being exploited to drop web shells, which are then leveraged to deliver additional payloads, including a cryptocurrency miner via RingQ. The attacks were attributed to a Chinese-speaking threat actor.


[Public] Replies: 0 Boosts: 0 Favs: 0 · via Metatext
