TaxOff: You've Got a Backdoor...
Dec. 3, 2024, 4:50 p.m.
Tags
External References
Description
A sophisticated threat group named TaxOff has been discovered targeting Russian government agencies. The group uses phishing emails with legal and financial themes to deliver the Trinper backdoor, a multithreaded C++ malware with advanced features. Trinper employs STL containers, custom serialization, and a buffer cache for improved performance. It can inject code, manipulate files, execute commands, and perform keylogging. The backdoor communicates with command and control servers using encrypted channels and domain fronting techniques. TaxOff's combination of convincing social engineering and a complex backdoor makes their attacks particularly dangerous and difficult to detect.
Date
Published: Dec. 3, 2024, 4:26 p.m.
Created: Dec. 3, 2024, 4:26 p.m.
Modified: Dec. 3, 2024, 4:50 p.m.
Indicators
f699c309f0d2547a85f6623dc74cc452a1471cd77af2360116447244043ee0dd
dd3a609b7beb35fb2527e7ca1450ad40569b3ffbf67d84811fcf8ff09096d823
e93c1a0696b59a58e2444eb69ddf165eed71ad159624674a7fe6c91e9852443a
93b07ba651fb6dbebaaadb39cf45ddfea7af9d3943458a5630aa588080dcf335
7e82b3f1be69d34684a4aa4823ef0d5ae864db3501fae5a0c3697bcd28df5cef
6d4fac9e4c36face9e0d0a7fdec1cc1403b3188ecf5c24f1ac6c32981f9c72b2
2a0c6a66774cc535f51e1a12d81ba6aa346934aa542291cee0c57f3bc9373a8e
00f433c593204eaa1facb18d1a0dec4caee06915bbc8a51ad6bf47bf9e865fe8
193.37.215.111
185.158.248.91
server.1cscan.net
Attack Patterns
Trinper
TaxOff
T1090.004
T1132.001
T1187
T1055.012
T1573.002
T1573.001
T1566.002
T1115
T1056.001
T1204.002
T1083
T1071
T1020
T1041
Additional Information
Government
Russian Federation