turla APT AKA The Uroburos group uses spear phishing campaigns, drive-by-infections, watering hole attacks, and social engineering to push their malware onto target networks. In spear phishing campaigns, the target receives a tailored email containing an executable RAR self-extracting archive (SFX). If opened, then the malware unpacks and installs itself (a .SCR executable) on the user system. When the Uroburos rootkit infects a machine, it can: execute arbitrary code, hide its activity on a system, identify and exfiltrate information such as files, capture network traffic, and infect other systems on the network. Uroburos consists of a driver (.sys file) and an encrypted virtual file system (.dat file). The complex driver seems to be specifically designed to be discrete and difficult to identify. Uroburos’ preferred attack vectors are social engineering attacks, watering hole attacks and USB infection
Subscribe to:
Post Comments (Atom)
-
When an authorities officer is composing a ticket at night, he is going to desire different light from a flashlight than when she is chasing...
-
Have you lost your data? It is a very upsetting situation when you get to know that you are not able to access data on your hard drive. The ...
-
Police officers and other emergency provider require trusted equipment that can serve them well as they serve others. Many of the tools that...
No comments:
Post a Comment