By Daniel Lunghi and Ecular Xu – In the process of monitoring changes in the threat landscape, we get a clearer insight into the way threat actors work behind the scenes.
In this case we dig deeper into the possible connection between cyberattacks by focusing on the similarities an unnamed threat actor shares with Confucius, Patchwork, and another threat actor called Bahamut. For the sake of this report, we will call this unnamed threat actor “Urpage.”
What sets Urpage attacks apart is their targeting of InPage, a word processor for the Urdu and Arabic languages. However, the Delphi backdoor component it shares with Confucius and Patchwork, together with its apparent use of Bahamut-like malware, is what makes it more intriguing, as these connect Urpage to the other known threats.
In our previous entry, we already covered the Delphi component in the context of the Confucius and Patchwork connection. We mentioned Urpage as a third unnamed threat actor connected to the two. This time, we look into Urpage to gain a deeper insight into the way several threat actors’ actions intersect…
Read more at: The Urpage Connection to Bahamut, Confucius and Patchwork
Source: TrendLabs Malware Blog