[MART] - Daily Diary #542 - Two Lockbit 3.0 Bugs Disclosed

CTAS-MAT ctas-mat at appgate.com
Tue Jul 5 22:14:53 UTC 2022


Hello,
I hope everyone is doing well!

Below is the entry for today.

07/05/2022 - Daily Diary #545

In our Daily Diary #541, we covered Lockbit 3.0 announcements, including the new Bug Bounty Program. Through announcements in deep web forums, the cybercrime group announced a reward of up to $1 million for anyone who could find a vulnerability in their malware.

In the past weeks, two vulnerabilities in Lockbit 3.0 were disclosed. The first one, tracked under MVID-2022-0620, is a buffer overflow vulnerability in the malware published by the vx-underground Twitter profile.

The second one, published by Malvuln, is a DLL hijacking vulnerability that allows a modified DLL to be loaded and executed inside the malware's process memory. We demonstrated this technique in our blog post "BREAKING DRIDEX AND CREATING A VACCINE", where we applied a similar approach to load a vaccine DLL in Dridex's process and stop its execution.

As both vulnerabilities were published by malware analysts, it's unlikely that they were considered in Lockbit's bug bounty. Nevertheless, this demonstrates how reverse engineering a threat can lead to creative solutions to vaccinate environments and develop security measures against cyberattacks.

Kind Regards,




Felipe Duarte Domingues
Manager, MART
Appgate

E: felipe.duarte at appgate.com

