In February 2021, Bitdefender researchers have identified a new RIG Exploit Kit campaign exploiting two scripting engine vulnerabilities in unpatched Internet Explorer browsers (CVE-2019-0752 and CVE-2018-8174).
The delivered malware looks like a new variant of WastedLocker, but this new sample is missing the ransomware part, which is probably downloaded from the C&C servers. Because it works like a loader for the downloaded payload, we named it WastedLoader.
Bitdefender is urging organizations to ensure that browser, operating system, and third party software are up to date. Endpoint Protection and Endpoint Detection and Response solutions can help organizations minimize the impact of this threat.
A full analysis of the campaign is available in the whitepaper below:
Passionate about reverse engineering, Mihai worked on malware analysis and detection techniques in the past. Now he is doing research on exploit detection and mitigation for Windows applications.View all posts
As a Security Researcher in Bitdefender's anti-exploit team, I am passionate about binary exploitation, reverse engineering, and programming.View all posts
I am a security researcher in the GEMMA team, passionate about reverse engineering and malware analysis. In the spare time, I participate in CTF contests. I am also passionate about forensics.View all posts
Aron is a security researcher in the GEMMA team. Passionate about cybersecurity in general, he is mostly interested in binary exploitation. He also enjoys playing CTFs in the spare time.View all posts
January 11, 2023
January 05, 2023
December 06, 2022
October 05, 2022
September 15, 2022
May 31, 2022