Discover and read the best of Twitter Threads about #winnti


#ESETresearch has recently discovered a new undocumented modular backdoor, SideWalk, that was used by an APT group we named SparklingGoblin during one of its recent campaigns targeting a US-based computer retail company 🇺🇸. welivesecurity.com/2021/08/24/sid… @passil_t @mathieutartare 1/6
SideWalk is a modular backdoor that can dynamically load additional modules sent from the C&C server, makes use of Google Docs as a dead drop resolver, and @Cloudflare workers as a C&C server. It can also properly handle communication behind a proxy. 2/6
This backdoor shares multiple similarities with another backdoor used by the group: CROSSWALK, which FireEye was first to attribute to #APT41. This backdoor is referenced as ScrambleCross by Trend Micro. 3/6
#ESETresearch stumbled upon strange samples which use the packer we described in publications on the #Winnti Group. The payload in these samples is an implant attributed to Equation. It is known as PeddleCheap according to the project names seen in the Shadow Brokers leaks. 1/8
Those samples were first seen in 2017, one year before it was used in the compromised games in 2018 (welivesecurity.com/2019/03/11/gam…). They are 8b8d2eb8de66890f4c0950ccb3fff95b0f42b9e1 and b48beb5e49976294287b1d6910d7445db83e5cf2. #ESETresearch @marc_etienne_ 2/8
These particular executables do 3 things: launch the legitimate Adobe Flash installer, copy themselves to %TEMP%\micrit.exe, and start PeddleCheap. #ESETresearch @marc_etienne_ 3/8