Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Turla: A Master of Deception

July 8, 2024, 10:55 a.m.

Description

This report details a recent campaign by the Turla threat group involving malicious LNK files that deliver a fileless backdoor. The attack leverages compromised websites, PowerShell scripts, and MSBuild to deploy the payload, which employs various evasion techniques like disabling security features, memory patching, and AMSI bypass. The malware establishes communication with its command and control servers and is capable of executing additional PowerShell scripts. The analysis also provides insights into the malware's capabilities, including its anti-detection mechanisms and ability to report information back to its operators.

Date

Published: July 8, 2024, 10:45 a.m.

Created: July 8, 2024, 10:45 a.m.

Modified: July 8, 2024, 10:55 a.m.

Indicators

cac4d4364d20fa343bf681f6544b31995a57d8f69ee606c4675db60be5ae8775

b6abbeab6e000036c6cdffc57c096d796397263e280ea264eba73ac5bab39441

c2618fb013135485f9f9aa27983df3371dfdcb7beecde86d02cee0c258d5ed7f

7091ce97fb5906680c1b09558bafdf9681a81f5f524677b90fd0f7fc0a05bc00

http://files.philbendeck.com/help/

http://files.philbendeck.com/file/

http://files.philbendeck.com/article/

http://files.philbendeck.com/about/

http://files.philbendeck.com/

files.philbendeck.com

Attack Patterns

Uroburos - S0022

Snake

Turla

T1127.001

T1562.002

T1059.001

T1071.001

T1562.001

T1036

T1140

Additional Informations

Philippines