Trend Micro Inc.

01/09/2025 | News release | Distributed by Public on 01/09/2025 00:29

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit

Conclusion

Protecting against fake repositories containing malware involves adopting a combination of technical measures, security awareness, and best practices. This includes the following:

  • Always download code, libraries, and dependencies from official and trusted repositories.
  • Be cautious of repositories containing content that seems out of place for the tool or application they supposedly host.
  • If possible, confirm the identity of the repository owner or organization.
  • Review the repository's commit history and recent changes for anomalies or signs of malicious activity.
  • Be cautious of repositories with very few stars, forks, or contributors, especially if they claim to be widely used.
  • Look for reviews, issues, or discussions about the repository to identify potential red flags.

More details on both LDAP vulnerabilities can be found in our previous blog entry, which also provides information on the Trend Micro rules and filters created to provide protection against the exploitation of CVE-2024-49113.

Trend Vision One™ Threat Intelligence

To stay ahead of evolving threats, Trend customers can access a range of Intelligence Reports and Threat Insights within Trend Vision One. Threat Insights helps customers stay ahead of cyber threats before they happen and be better prepared for emerging threats. It offers comprehensive information on threat actors, their malicious activities, and the techniques they use. By leveraging this intelligence, customers can take proactive steps to protect their environments, mitigate risks, and respond effectively to threats.

Trend Vision One customers can use the Search App to match or hunt the malicious indicators mentioned in this blog post with data in their environment.

Suspicious PowerShell script under subdirectory of %LocalAppData%

eventSubId: 101 AND objectFilePath: /AppData\\Local\\Temp\\\w+\.tmp\\\w+\.tmp\\\w+\.ps1/
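The same detection can be reproduced outside the Trend Vision One console, for example when reviewing exported file-event telemetry. The following is an added example and not Trend Micro's code: it applies the path pattern from the query above to a handful of constructed sample events (not real data) and keeps only those where eventSubId is 101, exactly as the query does. Field names and the record layout are assumptions made to mirror the query's two fields.

```python
import re

# Path pattern copied from the hunting query above: a .ps1 script nested two
# .tmp-named directories deep below %LocalAppData%\Temp. Python's re uses the
# same escapes as the query, so the expression is carried over unchanged.
# IGNORECASE is added here because Windows paths are case-insensitive.
PS1_UNDER_TEMP = re.compile(
    r"AppData\\Local\\Temp\\\w+\.tmp\\\w+\.tmp\\\w+\.ps1", re.IGNORECASE
)

# Constructed sample telemetry (not real data). Each record carries the two
# fields the query filters on; eventSubId 101 is used as given in the query.
SAMPLE_EVENTS = [
    {"eventSubId": 101,
     "objectFilePath": r"C:\Users\alice\AppData\Local\Temp\a1b2.tmp\c3d4.tmp\run.ps1"},
    {"eventSubId": 101,
     "objectFilePath": r"C:\Users\alice\AppData\Local\Temp\setup.tmp\readme.txt"},
    {"eventSubId": 3,
     "objectFilePath": r"C:\Users\alice\AppData\Local\Temp\x9.tmp\y8.tmp\stage.ps1"},
    {"eventSubId": 101,
     "objectFilePath": r"C:\Users\alice\Documents\scripts\backup.ps1"},
]


def matches_hunt(event: dict, event_sub_id: int = 101) -> bool:
    """True when the record satisfies both halves of the hunting query:
    the expected eventSubId AND a file path matching the .ps1-under-Temp pattern."""
    if event.get("eventSubId") != event_sub_id:
        return False
    path = event.get("objectFilePath", "")
    return PS1_UNDER_TEMP.search(path) is not None


def hunt(events) -> list:
    """Return the file paths of every record that matches the query."""
    return [e["objectFilePath"] for e in events if matches_hunt(e)]


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print("HIT:", hit)
```

Only the first sample record is reported: the second is not a .ps1 file and is only one .tmp directory deep, the third has a different eventSubId, and the fourth is a script outside the Temp tree. When running this over real exports, confirm that the path field in your data uses backslashes as the query expects, since forward-slash normalisation would silently defeat the pattern.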

More hunting queries are available for Trend Vision One customers with Threat Insights Entitlement enabled.

Indicators of Compromise

The list of IOCs for this blog entry can be found here.