AdvisoryAdvisoriesCISAAA23-187A

July 6, 2023

Increased Truebot Activity Infects U.S. and Canada Based Networks

July 6, 2023

What we know so far

This joint advisory by CISA, FBI, MS-ISAC, and CCCS addresses the emergence of new Truebot malware variants targeting organizations in the US and Canada. Truebot, also known as Silence.Downloader, is a botnet used by malicious groups like CL0P Ransomware Gang to steal information from victims. Previously, Truebot was spread through phishing emails, but the newer versions exploit a vulnerability (CVE-2022-31199) in Netwrix Auditor to gain access and deploy the malware on a larger scale. Threat actors now use both phishing campaigns with malicious links and CVE-2022-31199 to distribute these new Truebot variants.

Arrow Right

Schedule a test

Our insights

Verified Security Tests

Protect your endpoints

Subscribe to alerts

July 6, 2023

Insights by Prelude

This advisory focuses on a specific vulnerability, CVE-2022-31199, which should be patched if the underlying software (Netwrix Auditor) is being used. However, the vulnerability is simply a means to deploy malware known as Truebot. What is unique about this particular malware is the approach it takes to evade endpoint defenses. Most defenses will scan new files as they appear on disk, looking for malicious signatures. Truebot attempts to exhaust the scanning process by hiding itself within a one gigabyte junk file. When it downloads to the computer, the large file size may be skipped or partially scanned by the EDR.

See if you are protected against this advisory

Arrow Right

Schedule a test

Subscribe to advisory alerts

Be immediately notified of new advisories and associated security tests

More advisories

AdvisoryAdvisoryCISAAA23-263A

September 20, 2023

#StopRansomware: Snatch Ransomware

AdvisoryAdvisoryCISAAA23-250A

September 7, 2023

CVE-2022-47966 and CVE-2022-42475

AdvisoryAdvisoryCISAAA23-242A

August 30, 2023

QakBot malware evolving

See all advisories

Arrow Right
VisionAdvisoriesOperatorDetectCareersCompany
SupportPressDocumentationPodcastBlogGitHub
Privacy PolicyDetect – TermsTechnical & Organizational MeasuresList of Prelude Sub-ProcessorsStandard Contractual ClausesData Privacy FAQ
Get Started

©2023 Prelude Research, Inc. All rights reserved.
Prelude, its logo and other trademarks are trademarks of Prelude Research, Inc. and may not be used without permission.

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyAccept

Cookies