Newly Discovered Threat Actor Tools Able to Evade Antivirus Software and Delete Backup Files

Published:

spot_img

Threat Actor Tools Found in Open Directory: Analysis and Indicators of Compromise

Security researchers have unearthed a goldmine of threat actor tools capable of circumventing top-notch security defenses like Windows Defender and Malwarebytes. These malicious tools can wipe out backups, disable critical systems, and execute various nefarious activities undetected.

The threat actors have been leveraging tools such as SLiver, Ngrok, SystemBC, and PoshC2 to establish communication with their Command-and-control servers. It is believed that these tools have been instrumental in ransomware attacks that have been ongoing since September 2023, with the latest incidents reported in August 2024.

In a groundbreaking discovery in December 2023, DFIR threat researchers stumbled upon an open directory housing a plethora of batch scripts specifically designed for defense evasion and executing command and control payloads. These scripts are proficient at disabling security measures, halting essential services, and establishing command and control channels on both Windows and Linux systems.

The researchers dissected the scripts into three distinct attack phases: Defense Evasion, Persistence and Privilege Escalation, and Command and Control. Each set of scripts focuses on different tactics to infiltrate and maintain control over compromised environments.

Cyble threat researchers emphasized the critical importance of analyzing these scripts to gain insight into the attackers’ strategies and to develop effective countermeasures. The open directory contains 24 batch scripts that are instrumental in executing various attack techniques, including disabling security software, deleting backups, and establishing communication channels with C2 servers.

The researchers also identified several indicators of compromise (IoCs) and MITRE ATT&CK techniques associated with PoshC2 threat actors, shedding light on the sophisticated nature of their operations and the need for robust cybersecurity defenses to combat such threats effectively.

spot_img

Related articles

Recent articles

ThreatsDay: Global Fraud Bust Nets 5,811 Arrests, Uncovers Cloud Bucket Hijacking and Windows LPE Chain Among 17 Critical Cybersecurity Threats

ThreatsDay: Global Fraud Bust Nets 5,811 Arrests, Uncovers Cloud Bucket Hijacking and Windows LPE Chain Among 17 Critical Cybersecurity Threats In a significant development in...

Enterprises Challenge AI Hype to Unlock Measurable Business Value

Enterprises Challenge AI Hype to Unlock Measurable Business Value In today's rapidly evolving technological landscape, the challenge of distinguishing genuine operational utility from architectural hype...

Bank of Central African States (BEAC) Strengthens Cross-Border Payments by Joining Pan-African Payment and Settlement System (PAPSS)

Bank of Central African States (BEAC) Strengthens Cross-Border Payments by Joining Pan-African Payment and Settlement System (PAPSS) The recent accession of the Bank of Central...

Transforming Alerts into Actionable Results: The Five-Step Model for Effective Video Analytics in Control Rooms

Transforming Alerts into Actionable Results: The Five-Step Model for Effective Video Analytics in Control Rooms Control rooms are critical hubs for security operations, yet they...