First, a warm welcome to the new subscribers of the Anchored Narratives mailing list. For those who are new to the list, I regularly pick an exciting tweet that matched my intelligence requirements and generate anchored stories on geopolitical (cyber) threats, digital forensics, and crime from it. Usually, I pick a story that I have no real in-depth or prior knowledge about. The goal is to understand a particular topic better, improve my investigation or writing skills, and generate a reliable story anchored with evidence.

This time the story will start with a tweet that matched my intelligence requirements on 15 March 2021: "#apt #strongpity new sample hunted md5:95ff679f525c44e4abac8e61f8052ca5 c2:"

The information in the tweet tells people with an interest in this field that someone found a malicious sample with the unique MD5 value “95ff679f525c44e4abac8e61f8052ca5” from an Advanced Persistent Threat actor group called StrongPity. APT is an industry name for referring to states involved in cyber operations. The referred malware sample communicates with its command and control server “ ” (C2) for further instructions. This tweet triggered some personal interest to start a deep dive into this nation-state actor group. They have been around for many years, deploy interesting tactics at scale, and are observed in geopolitical disputes.

This article will outline the background of this alleged Turkish nation-state actor or nation-state-sponsored group. Furthermore, the malicious backdoor will be reversed briefly, and that intelligence will be used to hunt for additional indicators; finally, the article will end with some observations and a conclusion.

The StrongPity actor group has been around since 2012 and employs the same tactics, namely adding backdoors to legitimate software used by specific users. The group is also referred to as APT-C-41 and PROMETHIUM. In 2016, StrongPity was detected by Kaspersky in a campaign that targeted specific users in Belgium and Italy who were interested in TrueCrypt and WinRAR software. These software packages are used by niche user groups interested in solid encryption. The actor group set up a domain name that mimicked the official WinRAR distribution site and placed links to the trojanized WinRAR installer on a certified distributor website. In the same year, Microsoft observed a campaign by the same group targeting specific users with a zero-day vulnerability in Adobe Flash. The zero-day exploit was tracked as CVE-2016-4117.