Update: CVE-2024-4577 quickly weaponized to distribute Ransomware
Essential information
- Published: 11/06/2024 10:13
- Modified: 11/06/2024 10:31
- Tags: 2024-06-11, CVE-2024-4577, encryption, exploit, infection, ransomware, tellyouthepass
- Related entities: 5 vulnerabilities (cve), 5 observables, 11 techniques (mitre), 1 malware
Description
The report describes an attack campaign leveraging the CVE-2024-4577 vulnerability to deliver the "TellYouThePass" ransomware. The attackers use the vulnerability to execute arbitrary PHP code and run a malicious HTML application that loads a .NET variant of the ransomware into memory. Upon execution, the ransomware contacts a command-and-control server, enumerates directories, terminates processes, encrypts files, and leaves a ransom note.