docx file hash is obtained used for doing the phishing, which data is shown below: file

This analysis takes as its starting point a post on Twitter that shows a document whose techniques and appearance are compatible with APT-C-36.

Preparing the path for NjRAT: the beginning

In addition, a list of the IOCs of the previous campaigns is provided, together with a summary of the behaviour in communications and a comparison of the adaptations/modifications made in the last campaign that triggers in LimeRAT. The objective is to show, by means of a simplified comparison, how similar the deployment of these RATs is.

In this post we are going back to the Decemcampaign to explain in detail the malware deployment process, in the 5 stages observed until NjRAT is triggered, taking this campaign as a case study. Moreover, this takes place in a context in which the previous NjRAT campaigns linked to APT-C-36 are still fresh and, in fact, NjRAT is an active malware used in campaigns by various actors. This last point has caught the attention of the Lab52 team, since, as analysed in previous articles, LimeRAT is considered an evolution of NjRAT.