![]() Nigeria Computer Emergency Response Team (ngCERT) NITDA Nigeria Nigerian Communications Commission The document also shows the code fragment from the implant’s main function. ✅Implant used to upload files via the Yandex email service: The document examines an implant downloaded from Yandex Disk and designed to send a single file, “ 111.log”, as an email attachment via the Yandex email service. One tool is designed to upload and download arbitrary files to and from Yandex Disk, and the other tool can upload and download files to and from 16 temporary file sharing services. ![]() ✅Tools for manual exfiltration of stolen files: The document reveals two tools used by the threat actor for manual data exfiltration. The document also provides indicators of compromise for the implants and a batch script used for cleanup. ✅Stack of implants used to upload files to Dropbox: The document analyzes a malware stack that consists of three implants forming a straight execution chain, which is used to upload files collected by a second-stage implant to Dropbox. ✅Common TTPs of attacks against industrial organizations: The document describes a series of attacks that targeted industrial enterprises in Eastern Europe, using various implants and tools to establish a permanent channel for data exfiltration, including from air-gapped systems.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |