A fake proof-of-concept exploit for the LDAPNightmare vulnerability (CVE-2024-49113) is being used to distribute information-stealing malware. The malicious repository, disguised as a fork from the original creator, contains an executable file that, when run, drops and executes a PowerShell script. This script creates a Scheduled Job that downloads and executes another script from Pastebin. The malware collects various system information, compresses it, and exfiltrates it to an external FTP server. This attack capitalizes on a trending issue, potentially affecting a large number of victims. To protect against such threats, users are advised to download from trusted sources, be cautious of suspicious content, and review repository details carefully. Author: AlienVault
Related Tags:
cve-2024-49112
poc exploit
ldapnightmare
cve-2024-49113
T1048.003
T1120
T1053.005
information stealer
T1059.001
Associated Indicators:
null