APT threat group Platinum has a shiny new plaything: a custom trojan backdoor dubbed Titanium. The backdoor's name, aside from keeping with the silvery-metal theme, comes from the password to one of the self-executable archives found in the code.

According to the Kaspersky researchers who analyzed the malware, it can, among other things, read any file from the file system and exfiltrate the data; drop or delete a file in the file system; drop a file and run it; run a command line and upload the execution results; and update configuration parameters (except the AES encryption key). It also features an interactive mode that allows the attacker to receive input from console programs.

Titanium was spotted as the final payload in a campaign whose infection vector also included dropper placement and additional downloading and installing stages, the researchers said. Interestingly, the malware hides along the way during each of these steps by mimicking the file names of common software, including security packages, sound drivers and DVD video-creation tools.

Platinum is one of the most technologically advanced APT actors out there, with a traditional focus on the APAC region, the researchers said, and this campaign bore that out: victims were located in South and Southeast Asia.

A Multi-Stage Affair

The complex sequence of stages in all of the observed attacks so far starts with an exploit capable of gaining code execution as a SYSTEM user, after which the adversaries install a…
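The article notes that each stage of the campaign hides by borrowing the file names of legitimate software. A practical check against that kind of filename masquerading is to compare where a process actually runs from, and who signed it, against where the genuine binary of that name is expected to live. The following is an added example and is not Kaspersky's analysis code or anything from the Titanium samples; the allowlist entries (avscanner.exe, audiosvc.exe, dvdauthor.exe and their directories and signers) and the process-creation records are constructed placeholders, not published indicators.

```python
"""Flag processes whose file name matches protected software but which run
from an unexpected directory or carry the wrong signer (filename masquerading).
Added example; allowlist, signer names and sample records are hypothetical."""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, Iterable, List

# Hypothetical allowlist: lowercase file name -> directories where the genuine
# binary is installed (matched as a path prefix, any depth) and expected signer.
EXPECTED: Dict[str, dict] = {
    "avscanner.exe": {"dirs": {r"c:\program files\examplesec"}, "signer": "ExampleSec Ltd"},
    "audiosvc.exe":  {"dirs": {r"c:\windows\system32"},         "signer": "Example Audio Corp"},
    "dvdauthor.exe": {"dirs": {r"c:\program files\exampledvd"}, "signer": "ExampleDVD Inc"},
}


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    image: str          # full path of the executable that started
    signer: str         # subject name from the code signature, "" if unsigned
    parent_image: str   # full path of the parent process


def _under(path: PureWindowsPath, directory: str) -> bool:
    """True if path's parent directory lies inside directory (case-insensitive)."""
    have = [p.lower() for p in path.parent.parts]
    want = [p.lower() for p in PureWindowsPath(directory).parts]
    return have[:len(want)] == want


def check_event(ev: ProcessEvent) -> List[str]:
    """Return the reasons an event looks like masquerading; [] means none fired.
    Names not in EXPECTED are out of scope for this check and never flagged."""
    path = PureWindowsPath(ev.image)
    name = path.name.lower()
    profile = EXPECTED.get(name)
    if profile is None:
        return []
    reasons: List[str] = []
    if not any(_under(path, d) for d in profile["dirs"]):
        reasons.append(f"{name} running from unexpected directory {path.parent}")
    if ev.signer != profile["signer"]:
        reasons.append(f"{name} signer {ev.signer!r} != expected {profile['signer']!r}")
    return reasons


def scan(events: Iterable[ProcessEvent]) -> Dict[int, List[str]]:
    """Map pid -> reasons for every event that trips at least one rule."""
    hits: Dict[int, List[str]] = {}
    for ev in events:
        reasons = check_event(ev)
        if reasons:
            hits[ev.pid] = reasons
    return hits


# Constructed process-creation records, not from any real incident.
SAMPLE_EVENTS = [
    ProcessEvent(1204, r"C:\Program Files\ExampleSec\avscanner.exe",
                 "ExampleSec Ltd", r"C:\Windows\System32\services.exe"),
    ProcessEvent(3310, r"C:\Users\Public\Music\audiosvc.exe",
                 "", r"C:\Windows\explorer.exe"),
    ProcessEvent(4471, r"C:\ProgramData\Temp\dvdauthor.exe",
                 "ExampleDVD Inc", r"C:\Windows\System32\cmd.exe"),
    ProcessEvent(5020, r"C:\Windows\notepad.exe",
                 "Microsoft Windows", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_EVENTS).items():
        print(pid, *reasons, sep="\n  ")
```

The genuine-location rule catches the case the article describes (a real name in the wrong place) even when the attacker copies a valid signature, while the signer rule catches an unsigned or self-signed look-alike dropped into the right directory; both are needed. Path matching is done on parsed path components rather than string prefixes so that `C:\Program Files\ExampleSec2\` does not pass as a child of `C:\Program Files\ExampleSec\`.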
Source: "Platinum APT Shines Up New Titanium Backdoor", syndicated by govanguard, 2019-11-08 16:35