CVE-2022-23748

Vulnerability Profile Updated 3 months ago
Download STIX
Preview STIX
CVE-2022-23748 is a software vulnerability, specifically a flaw in the design or implementation of Audinate's Dante Discovery software. This vulnerability allows for malicious exploitation via DLL side-loading schemes, where the affected software, due to its flawed design, loads and executes a malicious DLL file instead of the legitimate one. The particular DLL targeted in this case is dal_keepalives.dll, which is hijacked by threat actors to exploit the vulnerability. The exploit was utilized as part of a cyber campaign that leverages spear-phishing emails to deliver archive files containing a digitally signed executable and a malicious DLL. The executable is named to match the context of the email, thereby tricking the recipient into thinking it is a legitimate attachment. Once the archive is opened, the malicious DLL exploits CVE-2022-23748 in Dante Discovery software to side-load a malware named "CurKeep" onto the victim's system. This campaign uses a sophisticated approach combining social engineering (spear-phishing) with a technical exploit (DLL side-loading via CVE-2022-23748). It highlights the importance of maintaining up-to-date software patches and educating users about the dangers of opening unsolicited email attachments. Users of Audinate's Dante Discovery software should ensure they have applied any available patches to mitigate this vulnerability and prevent potential compromise of their systems.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Curkeep
1
CurKeep is a malware that was first discovered in 2021 as part of an espionage campaign known as "Stayin' Alive". This campaign targeted the telecommunications industry and governments in Vietnam, Uzbekistan, and Kazakhstan. The attack chain began with a spear-phishing email containing a ZIP file at
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Chinese
Vulnerability
Malware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
ToddycatUnspecified
1
ToddyCat is a sophisticated Advanced Persistent Threat (APT) actor, likely Chinese-speaking, that has been active since at least December 2020. It primarily operates in Asia, targeting government entities in Malaysia, Thailand, and Pakistan. In 2022, Kaspersky reported finding ToddyCat actors using
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2022-23748 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
9 months ago
ToddyCat hackers use 'disposable' malware to target Asian telecoms
InfoSecurity-magazine
9 months ago
Chinese APT ToddyCat Targets Asian Telecoms, Governments
CERT-EU
10 months ago
Chinese 'Stayin' Alive' Attacks Dance Onto Targets With Dumb Malware
Checkpoint
10 months ago
Stayin’ Alive - Targeted Attacks Against Telecoms and Government Ministries in Asia - Check Point Research