{
  "name": "Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412",
  "slug": "increase-in-the-exploitation-of-microsoft-smartscreen-vulnerability-cve-2024-21412",
  "description": "Cyble analyzes an ongoing campaign that exploits the Microsoft SmartScreen vulnerability CVE-2024-21412 to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It uses DLL sideloading and the IDATLoader loader to inject the final payload. The malicious activity culminates in the deployment of the Lumma and Meduza stealers for data theft.",
  "published": "2024-07-11T11:12:08+00:00",
  "created_at": "2024-07-11T11:12:08+00:00",
  "modified_at": "2024-07-11T11:36:11+00:00",
  "created_at_opencti": "2024-07-11T11:12:08+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-07-11",
    "CVE-2024-21412",
    "lumma",
    "malicious",
    "meduza stealer",
    "phishing",
    "spam",
    "stealer",
    "vulnerability"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "aceee450c55d61671c2d3d154b5f77e7f99688b6da8a8f3256a4bae2cdb76a4c"
      },
      {
        "id": "",
        "name": "81e89754ae2324c684fce71acafc30f8085870be947e7a76971b4fec1b24b5d1"
      },
      {
        "id": "",
        "name": "7ee31fa89e9e68f20004bdc31f8f05a95861b6c678bfa3b57f09fdfad9ef5290"
      },
      {
        "id": "",
        "name": "6481462f15ad4213f83a3d28304f14496bae1feb8580056959a657d0ee8981db"
      },
      {
        "id": "",
        "name": "58e2b766dec37cc5fcfb63bc16d69627cd87e7e46f0b9f48899889479f12611e"
      },
      {
        "id": "",
        "name": "4eccb7813cee8c8039424aebf69f4269d4a6c2c72d81a001254bcdce80034555"
      },
      {
        "id": "",
        "name": "473abb2c272295473e5556ec7dec06f2018c0a67f208d8ab33de1fb6d40895f5"
      },
      {
        "id": "",
        "name": "268a0de2468726a106fd92563a846e764f2ba313e37b5fc0cf76171b0a363f6f"
      },
      {
        "id": "",
        "name": "2460e7590e09af09ced6f75c001a9066c18629d956edbe8041f08cd21b7528b2"
      },
      {
        "id": "",
        "name": "a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0"
      },
      {
        "id": "",
        "name": "a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91"
      },
      {
        "id": "",
        "name": "0e2263d4f239a5c39960ffa6b6b688faa7fc3075e130fe0d4599d5b95ef20647"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:fb966c131bdd6d80",
        "name": "Meduza Stealer",
        "slug": "meduza-stealer"
      },
      {
        "id": "40393205-bf5e-4be2-a843-8064b1c6c5de",
        "name": "Lumma",
        "slug": "lumma"
      }
    ],
    "attack_patterns": [
      {
        "id": "eaed9e28-8072-48ff-bd94-ed7d72554636",
        "name": "T1218.005"
      },
      {
        "id": "e8422fc8-8365-4a6a-a556-d6ec16cb4e5d",
        "name": "T1574.002"
      },
      {
        "id": "52b92395-d3d3-4e05-976a-0fccccfce8d2",
        "name": "T1566.002"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "7d7ac733-6442-416f-8669-c302dd0843b9",
        "name": "T1036"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Australia"
      },
      {
        "id": "",
        "name": "Spain"
      },
      {
        "id": "",
        "name": "United States of America"
      }
    ]
  },
  "external_refs": [
    "https://cyble.com/blog/increase-in-the-exploitation-of-microsoft-smartscreen-vulnerability-cve-2024-21412/",
    "https://otx.alienvault.com/pulse/668fda28adab48347ee153c0"
  ]
}