In October of last year, Microsoft used a court order to disrupt the prolific ransomware distributor Trickbot. The botnet survived, and threat researchers are now monitoring a new Trickbot campaign. The new phishing attack sends an email with a link that redirects victims to a compromised server, which takes them to a webpage claiming they have been found guilty of a traffic violation. The page includes a download button that supposedly lets victims see photos of the alleged incident. Clicking the download button downloads a zip file containing a malicious JavaScript file. If the victim double-clicks the JavaScript file, it runs using the built-in Windows scripting host and loads the Trickbot malware by downloading a binary executable.
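One way to detect this chain in endpoint telemetry, as an added example that is not part of the original article: it links a script host started with a .js file from a user-profile path to an executable that the same process then drops or launches. Field names follow Sysmon process-creation (ID 1) and file-creation (ID 11) events; the sample events, paths and file names are constructed.

```python
import re
from ntpath import basename  # Windows path handling on any OS

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# A .js/.jse file somewhere under a user profile (Downloads, Temp unpack folder, ...)
USER_JS = re.compile(r'[a-z]:\\users\\[^"]+?\.jse?\b', re.I)
# An executable in a user-writable location
USER_EXE = re.compile(r'^[a-z]:\\(users|programdata)\\.+\.exe$', re.I)

TEMP = r"C:\Users\alice\AppData\Local\Temp"    # constructed path
JS = TEMP + r"\Temp1_photos.zip\violation.js"  # constructed file name
WSCRIPT = r"C:\Windows\System32\wscript.exe"
CSCRIPT = r"C:\Windows\System32\cscript.exe"

# Constructed sample events, not real telemetry
EVENTS = [
    {"EventID": 1, "ProcessId": 5120, "ParentProcessId": 3000, "Image": WSCRIPT,
     "CommandLine": f'"{WSCRIPT}" "{JS}"'},
    {"EventID": 11, "ProcessId": 5120, "Image": WSCRIPT,
     "TargetFilename": TEMP + r"\a1b2.exe"},
    {"EventID": 1, "ProcessId": 6200, "ParentProcessId": 5120,
     "Image": TEMP + r"\a1b2.exe", "CommandLine": TEMP + r"\a1b2.exe"},
    # Benign: vendor script outside the user profile, so never tracked
    {"EventID": 1, "ProcessId": 7000, "ParentProcessId": 900, "Image": CSCRIPT,
     "CommandLine": r'cscript.exe "C:\Program Files\Vendor\inventory.js"'},
    {"EventID": 11, "ProcessId": 7000, "Image": CSCRIPT,
     "TargetFilename": r"C:\ProgramData\Vendor\update.exe"},
]

def detect(events):
    """Return (kind, script_path, exe_path) for each script-host-to-executable link."""
    suspects = {}  # pid of a script host -> user-profile script it was started with
    findings = []
    for ev in events:
        if ev["EventID"] == 1:
            script = USER_JS.search(ev["CommandLine"])
            if basename(ev["Image"]).lower() in SCRIPT_HOSTS and script:
                suspects[ev["ProcessId"]] = script.group(0)
            elif ev["ParentProcessId"] in suspects and USER_EXE.match(ev["Image"]):
                findings.append(("child_exe", suspects[ev["ParentProcessId"]], ev["Image"]))
        elif ev["EventID"] == 11 and ev["ProcessId"] in suspects:
            if USER_EXE.match(ev["TargetFilename"]):
                findings.append(("dropped_exe", suspects[ev["ProcessId"]], ev["TargetFilename"]))
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

Windows reuses ProcessId values, so a production rule should key on Sysmon's ProcessGuid and bound the correlation to a short time window.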
Using Microsoft Sentinel to Detect Confluence CVE-2022-26134 Exploitation
By Akshay Rohatgi and Randy Pargman

About this Student Research Project

Binary Defense’s mission is