
Uncommon infection and malware propagation methods

October 5, 2022

BlackBasta: a new propagation method

BlackBasta, the notorious ransomware we have written about before, recently received an update. It now has a second optional command line parameter: “-bomb”.

When that parameter is used, the malware does the following:

  1. connects to Active Directory (AD) using the LDAP library and obtains a list of machines on the network,
  2. copies itself to each machine on that list,
  3. uses the Component Object Model (COM) to run remotely on each machine.
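The three steps form an ordered chain that can be correlated per source host. The following is an added example, not code from the original article: a detection sketch that flags a host which enumerates computers over LDAP, then copies a file to several machines and triggers remote COM execution on each. The event schema, stage names, host names, time window and threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events in a hypothetical normalized schema:
# (timestamp, source host, stage, destination host)
EVENTS = [
    ("2022-10-05T10:00:00", "ws-17", "ldap_computer_enum", "dc-01"),
    ("2022-10-05T10:00:20", "ws-17", "smb_file_write", "ws-02"),
    ("2022-10-05T10:00:25", "ws-17", "remote_com_exec", "ws-02"),
    ("2022-10-05T10:00:40", "ws-17", "smb_file_write", "ws-03"),
    ("2022-10-05T10:00:45", "ws-17", "remote_com_exec", "ws-03"),
    ("2022-10-05T10:01:00", "ws-17", "smb_file_write", "ws-04"),
    ("2022-10-05T10:01:05", "ws-17", "remote_com_exec", "ws-04"),
    ("2022-10-05T10:01:20", "ws-17", "smb_file_write", "ws-05"),   # copy only
    ("2022-10-05T10:30:00", "ws-09", "remote_com_exec", "ws-02"),  # no enumeration
    ("2022-10-05T11:00:00", "ws-21", "ldap_computer_enum", "dc-01"),
    ("2022-10-05T11:00:10", "ws-21", "smb_file_write", "ws-30"),
    ("2022-10-05T11:00:15", "ws-21", "remote_com_exec", "ws-30"),  # single target
]

def detect(events, window_s=1800, min_targets=3):
    """Map each source host to the targets where it copied a file and then
    ran something via remote COM, all within window_s of an LDAP enumeration."""
    enum_at = {}                 # source -> time of its latest enumeration
    written = defaultdict(set)   # source -> targets written since that enumeration
    hits = defaultdict(set)      # source -> targets with a write followed by exec
    for ts, src, stage, dst in sorted(events):
        t = datetime.fromisoformat(ts)
        if stage == "ldap_computer_enum":
            enum_at[src], written[src] = t, set()   # a new chain starts here
            continue
        start = enum_at.get(src)
        if start is None or (t - start).total_seconds() > window_s:
            continue             # not preceded by a recent enumeration
        if stage == "smb_file_write":
            written[src].add(dst)
        elif stage == "remote_com_exec" and dst in written[src]:
            hits[src].add(dst)
    return {s: sorted(d) for s, d in hits.items() if len(d) >= min_targets}

if __name__ == "__main__":
    for host, targets in detect(EVENTS).items():
        print(f"{host}: enumerate -> copy -> remote COM on {targets}")
```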
