On December 24, 2017, our analysts observed the Korean-language implant Gold Dragon. We have named these implants, which appeared in December 2017, Gold Dragon, Brave Prince, Ghost419, and Running Rat, based on phrases in their code. McAfee ATR has now discovered additional implants that are part of an operation to gain persistence for continued data exfiltration and for targeted access. What was not determined at that time was what occurred after the attacker gained access to the victim’s system. The attack used a PowerShell implant that established a channel to the attacker’s server to gather basic system-level data. 2, 2018): McAfee Advanced Threat Research (ATR) recently released a report describing a fileless attack targeting organizations involved with the Pyeongchang Olympics. See indicators of compromise for this update at the bottom of this post. A key difference, however, is that the attackers leveraged hacked servers in Santiago, Chile. The new variant has the same author and metadata as the original documents discovered in December, as well as a nearly identical implant. 5, 2018, indicating the attack has resumed. 12, 2018): A new variant of the original fileless implant appeared on Feb.