Copycat of APT SideWinder?

  • Downloads an HTA file
  • Decodes the backdoor and drops its files in %TEMP%
  • Uses the same name, “prebothta”
  • Uses the same DLL name for the sideloading and the same legitimate software

Operating Mode

Network

Execution

About the Backdoor

Threat Intelligence

The image file in the spear-phishing document

Malwarist,Threat Huntist and pythonist / core dev of #yeti/ member of @ProjectHoneynet / co-organizer #BotConf / researcher

Sebdraven
