July 6, 2023
This advisory focuses on a specific vulnerability, CVE-2022-31199, which should be patched if the underlying software (Netwrix Auditor) is in use. However, the vulnerability is simply a means of deploying malware known as Truebot. What is unique about this malware is the approach it takes to evade endpoint defenses. Most defenses scan new files as they appear on disk, looking for malicious signatures. Truebot attempts to exhaust the scanning process by hiding itself within a one-gigabyte junk file. When the file is downloaded to the computer, the EDR may skip it or only partially scan it because of its size.
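A defensive triage check for the size-based evasion described above, written as an added example (not code from the advisory or from any EDR product). The function names, the 100 MB size cap, the thresholds, and the assumption that the junk is low-entropy filler are illustrative assumptions.

```python
import math
import os
from collections import Counter

# Assumed values for illustration; tune them to your scanner's real limits.
SCAN_SIZE_CAP = 100 * 1024 * 1024  # size above which a scanner might skip a file
CHUNK = 64 * 1024                  # bytes read per sample

def chunk_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 means one repeated byte value."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def sample_file(path, samples=32, chunk=CHUNK):
    """Yield evenly spaced chunks so the cost does not grow with file size."""
    size = os.path.getsize(path)
    if size <= chunk * samples:
        offsets = range(0, size, chunk)      # small enough to read in full
    else:
        step = (size - chunk) // (samples - 1)
        offsets = [i * step for i in range(samples)]
    with open(path, "rb") as fh:
        for off in offsets:
            fh.seek(off)
            yield fh.read(chunk)

def triage(path, size_cap=SCAN_SIZE_CAP, low_entropy=1.0, junk_ratio=0.8,
           samples=32, chunk=CHUNK):
    """Return a verdict; files over the cap are never silently skipped."""
    if os.path.getsize(path) <= size_cap:
        return "scan-normally"
    chunks = list(sample_file(path, samples, chunk))
    junk = sum(1 for c in chunks if chunk_entropy(c) < low_entropy)
    if junk / len(chunks) >= junk_ratio:
        return "suspect-padding"             # mostly filler: escalate for analysis
    return "oversize-full-scan"              # large but dense: scan despite the cap
```

Padding made of high-entropy junk would not match the filler heuristic, but it still lands in `oversize-full-scan`, so the file is queued for a complete scan instead of being skipped.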