Tag: APT

A Quick Look at ELF Bifrose (Part 1)

Bifrose or Bifrost is a backdoor initially targeting Windows systems with a long history. First identified in the early 2000’s, it is believed a hacking group (likely BlackTech), purchased the source code or gained access to it around 2010, and enhanced the malware for use in its own campaigns. BlackTech has long targeted both Windows…

December 30, 2022
Overview of AppleSeed Dropper

02 June 2022 Summary The Kimsuky APT Group has routinely utilized the AppleSeed Backdoor to target various entities within South Korea, mainly for the purposes of espionage. While phishing still remains the primary vector of delivering the backdoor, over the past year, Kimsuky has gone to great lengths to disguise its attacks, utilizing numerous types…

June 5, 2022
Analyzing the Royal Road to Space Pirates

26 May 2022 While the actual blog post has been difficult to access for some, Positive Technologies released research on the Space Pirates APT group that has been spotted intruding on government, IT, and critical infrastructure networks in Russia, Georgia, and Mongolia. Believed to be operating since at least 2019, the Space Pirates group has…

May 26, 2022
A “GULP” of PlugX

Often attributed to Chinese-speaking threat actors, PlugX a remote access trojan(RAT), was identified by security researchers in 2012. With several variants of the RAT identified by vendors over the year, many techniques used to compromise systems have remained the same. While perusing public malware sandboxes for interesting new samples, I stumbled upon a Windows executable…

January 6, 2022
More Flagpro, More Problems

No stranger to this blog, BlackTech has continued to modify techniques to compromise networks and even suffered an OPSEC slip in the way of an open directory. This post will cover a malicious document similar to that identified by [1] PWC and [2] NTT in the previous reporting on the group. While I cannot definitively…

December 12, 2021