Truebot (669f8b7a-2404-47ab-843d-e63431faafec)
Truebot is a botnet often used as a loader for other malware. In July 2023, U.S. authorities released joint Cybersecurity Advisory AA23-187A, which detailed increased observations of new Truebot variants infecting organizations in the United States and Canada. Authorities assessed that Truebot infections are primarily motivated around collection and exfiltration of sensitive victim data for financial gain. Officials also assessed that actors were using both spearphishing emails containing malicious hyperlinks and exploitation of CVE-2022-31199 (a vulnerability in the IT auditing application Netwrix Auditor) to deliver Truebot during these attacks. Additional tools associated with the attacks included Raspberry Robin for initial infections; FlawedGrace and Cobalt Strike for various post-exploitation activities; and Teleport, a custom tool for data exfiltration.[U.S. CISA Increased Truebot Activity July 6 2023]
Malpedia (Research): https://malpedia.caad.fkie.fraunhofer.de/details/win.silence
Malware Bazaar (Samples & IOCs): https://bazaar.abuse.ch/browse/tag/truebot/
PulseDive (IOCs): https://pulsedive.com/threat/Truebot