{"id":57974,"date":"2025-01-09T00:00:00","date_gmt":"2025-01-09T00:00:00","guid":{"rendered":"urn:uuid:88cd629c-96b7-2a43-29f3-af6fd1baa1ab"},"modified":"2025-01-09T00:00:00","modified_gmt":"2025-01-09T00:00:00","slug":"information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/","title":{"rendered":"Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/ldap-nightmare-poc-976:Large?qlt=80\"><!-- OneTrust Cookies Consent Notice start for trendmicro.com --><!-- OneTrust Cookies Consent Notice end for trendmicro.com --> <head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"description\" content=\"Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. 
\"> <meta name=\"robots\" content=\"index,follow\"> <meta name=\"keywords\" content=\"malware,endpoints,research,articles, news, reports,cyber threats,latest news,report\"> <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"> <meta name=\"template\" content=\"article1withouthero\"> <meta property=\"article:published_time\" content=\"2025-01-09\"> <meta property=\"article:tag\" content=\"cyber threats\"> <meta property=\"article:section\" content=\"research\"> <link rel=\"icon\" type=\"image\/ico\" href=\"\/content\/dam\/trendmicro\/favicon.ico\"> <link rel=\"canonical\" href=\"https:\/\/www.trendmicro.com\/en_us\/research\/25\/a\/information-stealer-masquerades-as-ldapnightmare-poc-exploit.html\"> <title>Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit | Trend Micro (US)<\/title> <link href=\"https:\/\/fonts.googleapis.com\/css?family=Open+Sans:300,300i,400,400i,600\" rel=\"stylesheet\">\n<link href=\"\/\/customer.cludo.com\/css\/296\/1798\/cludo-search.min.css\" type=\"text\/css\" rel=\"stylesheet\"> <link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch.min.css\" type=\"text\/css\">\n<link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendmicro\/clientlibs\/trendmicro-core-2\/clientlibs\/header-footer.min.css\" type=\"text\/css\"> <meta property=\"og:url\" content=\"https:\/\/www.trendmicro.com\/en_us\/research\/25\/a\/information-stealer-masquerades-as-ldapnightmare-poc-exploit.html\"><br \/>\n<meta property=\"og:title\" content=\"Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit\"><br \/>\n<meta property=\"og:description\" content=\"Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. 
\"><br \/>\n<meta property=\"og:site_name\" content=\"Trend Micro\"><br \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/25\/ldap-nightmare-poc-976.png\"><br \/>\n<meta property=\"og:locale\" content=\"en_US\"> <meta name=\"twitter:card\" content=\"summary_large_image\"><br \/>\n<meta name=\"twitter:site\" content=\"@TrendMicro\"><br \/>\n<meta name=\"twitter:title\" content=\"Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit\"><br \/>\n<meta name=\"twitter:description\" content=\"Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. \"><br \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/25\/ldap-nightmare-poc-976.png\"> <\/head> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"49.508664627931\"> <!-- Page Scroll: Back to Top --> <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span class=\"icon-chevron-up\"><\/span> <\/a> <!-- \/* Data Layers *\/ --> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"907291622\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"8\">\n<div class=\"article-details\" role=\"heading\" readability=\"36\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Cyber Threats<\/p>\n<p class=\"article-details__description\">Our blog entry discusses a fake PoC exploit for LDAPNightmare 
(CVE-2024-49113) that is being used to distribute information-stealing malware.\n<\/p>\n<p class=\"article-details__author-by\">By: Sarah Pearl Camiling <time class=\"article-details__date\">January 09, 2025<\/time> <span>Read time:&nbsp;<\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<div class=\"article-details__icons\"> <!--Add This--> <\/p>\n<div class=\"a2a_kit a2a_default_style\" data-a2a-icon-color=\"#717172\"> <a class=\"a2a_dd addthis_link\" href=\"https:\/\/www.addtoany.com\/share\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch\/resources\/img\/share-more.svg\" class=\"svg-icon\" alt=\"Share\"> <\/a> <a class=\"a2a_button_print addthis_link\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch\/resources\/img\/printer.svg\" class=\"svg-icon\" alt=\"Print\"> <\/a> <\/div>\n<p> <!--Add to Folio--> <!--Subscribe--> <\/div>\n<\/div><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-lg-8 col-lg-push-2\"> <\/p>\n<div class=\"richText\" readability=\"39.53466026081\">\n<div readability=\"26.673987645848\">\n<p>In December 2024, <a href=\"https:\/\/www.safebreach.com\/blog\/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49113\/\">two critical vulnerabilities<\/a> in Microsoft&#8217;s Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft\u2019s monthly <a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2024\/12\/10\/the-december-2024-security-update-review\">Patch Tuesday<\/a> release. 
Both vulnerabilities were deemed highly significant due to the widespread use of LDAP in Windows environments:&nbsp;<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-49112\"><b>CVE-2024-49112<\/b><\/a>: A remote code execution (RCE) bug that attackers can exploit by sending specially crafted LDAP requests, allowing them to execute arbitrary code on the target system.&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-49113\"><b>CVE-2024-49113<\/b><\/a>: A denial-of-service (DoS) vulnerability that can be exploited to crash the LDAP service, leading to service disruptions.&nbsp;&nbsp;<\/span><\/li>\n<\/ul>\n<p>In this blog entry, we discuss a fake proof-of-concept (PoC) exploit for CVE-2024-49113 (aka LDAPNightmare) designed to lure security researchers into downloading and executing information-stealing malware.<\/p>\n<p>Although the tactic of using PoC lures as a vehicle for malware delivery is not new, this attack still poses significant concerns, especially since it capitalizes on a trending issue that could potentially affect a larger number of victims.&nbsp;<\/p>\n<p><span class=\"body-subhead-title\">Technical analysis<\/span><\/p>\n<p>The malicious repository containing the PoC appears to be a fork of the original creator's repository. In this case, the original Python files were replaced with the executable <i>poc.exe<\/i>, which was packed using UPX. 
Although the repository seems normal at first glance, the executable raises suspicion because it is out of place in a Python-based project.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a class=\"bs-modal\" id=\"be1eb6\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/25\/a\/information-stealer-masquerades-as-ldapnightmare-\/fig1.png\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/25\/a\/information-stealer-masquerades-as-ldapnightmare-\/fig1.png\" alt=\"Figure 1. Repository containing \u201cpoc.exe\u201d\"> <\/a> <\/p>\n<div class=\"caption-image-container \"><figcaption>Figure 1. Repository containing \u201cpoc.exe\u201d<\/figcaption><\/div>\n<\/figure><\/div>\n<div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p>When a user executes the file, a PowerShell script is dropped and executed in the <i>%Temp%<\/i> folder. This will create a Scheduled Job, which in turn executes an encoded script.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a class=\"bs-modal\" id=\"42a695\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/25\/a\/information-stealer-masquerades-as-ldapnightmare-\/fig2.png\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/25\/a\/information-stealer-masquerades-as-ldapnightmare-\/fig2.png\" alt=\"Figure 2. Code snippet showing the creation of the Scheduled Job\"> <\/a> <\/p>\n<div class=\"caption-image-container \"><figcaption>Figure 2. 
Code snippet showing the creation of the Scheduled Job<\/figcaption><\/div>\n<\/figure><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a class=\"bs-modal\" id=\"48a5d5\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/25\/a\/information-stealer-masquerades-as-ldapnightmare-\/fig3.png\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/25\/a\/information-stealer-masquerades-as-ldapnightmare-\/fig3.png\" alt=\"Figure 3. Downloading another script from Pastebin\"> <\/a> <\/p>\n<div class=\"caption-image-container \"><figcaption>Figure 3. Downloading another script from Pastebin<\/figcaption><\/div>\n<\/figure><\/div>\n<div class=\"richText\" readability=\"34.5\">\n<div readability=\"14\">\n<p>Once decoded, the script downloads another script from Pastebin, which collects the public IP address of the victim\u2019s machine and uploads it using FTP.<\/p>\n<p>The following information is then collected and compressed using ZIP, after which it will be uploaded to an external FTP server using hardcoded credentials.&nbsp;<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Computer information<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Process list<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Directory lists (Downloads, Recent, Documents, and Desktop)<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Network IPs<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Network adapters<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Installed updates<\/span><\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a class=\"bs-modal\" id=\"ff8446\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/25\/a\/information-stealer-masquerades-as-ldapnightmare-\/fig4.png\"> <img decoding=\"async\" 
src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/25\/a\/information-stealer-masquerades-as-ldapnightmare-\/fig4.png\" alt=\"Figure 4. Exfiltrating the gathered information\"> <\/a> <\/p>\n<div class=\"caption-image-container \"><figcaption>Figure 4. Exfiltrating the gathered information<\/figcaption><\/div>\n<\/figure><\/div>\n<div class=\"richText\" readability=\"44.888290398126\">\n<div readability=\"36.682903981265\">\n<p>Protecting against fake repositories containing malware involves adopting a combination of technical measures, security awareness, and best practices. This includes the following:&nbsp;<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Always download code, libraries, and dependencies from official and trusted repositories.&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Be cautious of repositories with suspicious content that may seem out of place for the tool or application it is supposedly hosting.&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">If possible, confirm the identity of the repository owner or organization.&nbsp;&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Review the repository\u2019s commit history and recent changes for anomalies or signs of malicious activity.&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Be cautious of repositories with very few stars, forks, or contributors, especially if they claim to be widely used.&nbsp;<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Look for reviews, issues, or discussions about the repository to identify potential red flags.&nbsp;<\/span><\/li>\n<\/ul>\n<p>More details on both LDAP vulnerabilities can be found in our <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/25\/a\/what-we-know-about-cve-2024-49112-and-cve-2024-49113.html\">previous blog entry<\/a>, which also provides information on the Trend Micro rules and filters created to provide protection against the exploitation of 
CVE-2024-49113.&nbsp;<\/p>\n<p>To stay ahead of evolving threats, Trend customers can access a range of Intelligence Reports and Threat Insights within <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/one-platform.html\">Trend Vision One<\/a>. Threat Insights helps customers stay ahead of cyber threats before they happen and be better prepared for emerging threats. It offers comprehensive information on threat actors, their malicious activities, and the techniques they use. By leveraging this intelligence, customers can take proactive steps to protect their environments, mitigate risks, and respond effectively to threats.\u202f<\/p>\n<h2><span class=\"body-subhead-title\"><\/span><\/h2>\n<h2><span class=\"body-subhead-title\"><\/span><\/h2>\n<h2><span class=\"body-subhead-title\"><\/span><\/h2>\n<p>Trend Vision One customers can use the Search App to match or hunt the malicious indicators mentioned in this blog post with data in their environment.\u202f\u202f\u202f\u202f<\/p>\n<p><span class=\"blockquote\"><i>Suspicious PowerShell script under subdirectory of %LocalAppData%<\/i><\/span><\/p>\n<p>eventSubId: 101 AND objectFilePath: \/AppData\\\\Local\\\\Temp\\\\\\w+\\.tmp\\\\\\w+\\.tmp\\\\\\w+\\.ps1\/<\/p>\n<p>More hunting queries are available for Trend Vision One customers with\u202f<a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/one-platform\/threat-insights.html\">Threat Insights Entitlement enabled<\/a>.\u202f<\/p>\n<p>The list of IOCs for this blog entry can be found <a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/25\/a\/information-stealer-masquerades-as-ldapnightmare-\/ioc-information-stealer-masquerades-as-ldapnightmare-poc-exploit.txt\">here<\/a>.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <!-- \/* Core functionality javascripts, absolute URL to leverage 
Akamai CDN *\/ --> <!--For Modal-start--> <\/p>\n<p> <span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk<\/span> <\/p>\n<p> <!--For Modal-end--> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/25\/a\/information-stealer-masquerades-as-ldapnightmare-poc-exploit.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9511,9508,9513,9509],"class_list":["post-57974","post","type-post","status-publish","format-standard","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-endpoints","tag-trend-micro-research-malware","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-09T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/ldap-nightmare-poc-976:Large?qlt=80\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit\",\"datePublished\":\"2025-01-09T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\\\/\"},\"wordCount\":712,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/trendmicro.scene7.com\\\/is\\\/image\\\/trendmicro\\\/ldap-nightmare-poc-976:Large?qlt=80\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cyber Threats\",\"Trend Micro Research : Endpoints\",\"Trend Micro Research : Malware\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\\\/\",\"name\":\"Information Stealer Masquerades as LDAPNightmare 
(CVE-2024-49113) PoC Exploit 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/trendmicro.scene7.com\\\/is\\\/image\\\/trendmicro\\\/ldap-nightmare-poc-976:Large?qlt=80\",\"datePublished\":\"2025-01-09T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\\\/#primaryimage\",\"url\":\"https:\\\/\\\/trendmicro.scene7.com\\\/is\\\/image\\\/trendmicro\\\/ldap-nightmare-poc-976:Large?qlt=80\",\"contentUrl\":\"https:\\\/\\\/trendmicro.scene7.com\\\/is\\\/image\\\/trendmicro\\\/ldap-nightmare-poc-976:Large?qlt=80\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\"
:2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/","og_locale":"en_US","og_type":"article","og_title":"Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2025-01-09T00:00:00+00:00","og_image":[{"url":"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/ldap-nightmare-poc-976:Large?qlt=80","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit","datePublished":"2025-01-09T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/"},"wordCount":712,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/#primaryimage"},"thumbnailUrl":"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/ldap-nightmare-poc-976:Large?qlt=80","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cyber Threats","Trend Micro Research : Endpoints","Trend Micro Research : Malware","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/","url":"https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/","name":"Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/#primaryimage"},"thumbnailUrl":"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/ldap-nightmare-poc-976:Large?qlt=80","datePublished":"2025-01-09T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/#primaryimage","url":"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/ldap-nightmare-poc-976:Large?qlt=80","contentUrl":"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/ldap-nightmare-poc-976:Large?qlt=80"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/information-stealer-masquerades-as-ldapnightmare-cve-2024-49113-poc-exploit\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC 
Exploit"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a867
1ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57974","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=57974"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57974\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=57974"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=57974"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=57974"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}