Create tbb.yml by JPMinty · Pull Request #128 · wietze/HijackLibs New Octowave variant using this to deliver ACR/Amatera Stealer

Masquerading as `IO Broker Installer` on disk from the compiled MSI that seems to have artifacts from a SyslogCenter executable previously used by Octowave Loader that was still left in the MSI.

PR made to #hijacklibs github.com/wietze/Hijac...

HijackLibs HijackLibs provides an curated list of DLL Hijacking candidates: mappings between DLLs and vulnerable executables, with additional metadata for more context. For defenders, this project can provide va...

Published 4 new DLL hijack entries in hijacklibs.net for the executable “Microsoft.BDD.Catalog35.exe” which is part of Microsoft Deployment Toolkit:

- IPHLPAPI.dll
- profapi.dll
- CRYPTBASE.dll
- cryptnet.dll

hijacklibs.net#microsoft.bd...

#dllhijack #hijacklibs #malwaredev