Introducing HybridPetya: a Petya/NotPetya copycat with a UEFI Secure Boot bypass
A UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 has been found on VirusTotal
Source: WeLiveSecurity, Malware. ESET Research discovered HybridPetya on the VirusTotal sample-sharing platform. It is a copycat of the infamous Petya/NotPetya malware that adds the ability to compromise UEFI-based systems and weaponizes CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems.
Key points of this blogpost:
- New ransomware samples, which we named HybridPetya, resembling the infamous Petya/NotPetya malware, were uploaded to VirusTotal in February 2025.
- HybridPetya encrypts the Master File Table, which contains important metadata about all the files on NTFS-formatted partitions.
- Unlike the original Petya/NotPetya, HybridPetya can compromise modern UEFI-based systems by installing a malicious EFI application onto the EFI System Partition.
- One of the analyzed HybridPetya variants exploits CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems, leveraging a specially crafted cloak.dat file.
- ESET telemetry shows no signs of HybridPetya being used in the wild yet; however, the malware does not show the aggressive network propagation seen in the original NotPetya.
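As an added defender-side example (not code from ESET's post), a small Python scan of a mounted EFI System Partition that flags the two artefacts the post names, an EFI application that is not in a known-good baseline and a file called cloak.dat; the baseline allowlist and the ESP layout it scans are constructed here for offline use.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicators from the write-up: HybridPetya drops an EFI application onto the
# EFI System Partition (ESP); the Secure Boot bypass variant also drops cloak.dat.
SUSPICIOUS_NAMES = {"cloak.dat"}

def is_pe(path: Path) -> bool:
    """EFI applications are PE images and begin with the 'MZ' DOS header."""
    try:
        with path.open("rb") as f:
            return f.read(2) == b"MZ"
    except OSError:
        return False

def scan_esp(esp_root, allowlist):
    """Walk a mounted ESP; return (kind, relative_path, sha256) findings.
    allowlist: lowercase POSIX relative paths of EFI binaries from a known-good
    baseline of this machine (assumed to exist; not described on the page)."""
    root = Path(esp_root)
    findings = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix().lower()
        digest = hashlib.sha256(p.read_bytes()).hexdigest()
        if p.name.lower() in SUSPICIOUS_NAMES:
            findings.append(("suspicious-name", rel, digest))
        elif is_pe(p) and rel not in allowlist:
            findings.append(("unbaselined-efi-binary", rel, digest))
    return findings

def build_sample_esp():
    """Constructed ESP layout for offline demonstration (no real samples)."""
    root = Path(tempfile.mkdtemp())
    boot = root / "EFI" / "Microsoft" / "Boot"
    boot.mkdir(parents=True)
    (boot / "bootmgfw.efi").write_bytes(b"MZ" + b"\0" * 62)  # baselined loader
    (boot / "cloak.dat").write_bytes(b"\0" * 16)             # suspicious name
    extra = root / "EFI" / "Boot"
    extra.mkdir(parents=True)
    (extra / "bootx64.efi").write_bytes(b"MZ" + b"\0" * 62)  # not in baseline
    return root

BASELINE = {"efi/microsoft/boot/bootmgfw.efi"}

if __name__ == "__main__":
    for kind, rel, digest in scan_esp(build_sample_esp(), BASELINE):
        print(f"{kind:24} {rel}  sha256={digest[:16]}...")
```

On a real host, point scan_esp at the mounted ESP and feed it the baseline captured at deployment; anything it reports should be compared against the vendor's signed loaders before remediation.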