Most businesses don’t realize it, but employees, vendors and even software applications often have more access than they need. This might seem harmless until a cybercriminal gets in. The more doors left open, the easier it is for an attacker to move deeper into your systems. The Principle of Least [...]
The EAGERBEE backdoor, deployed at ISPs and governmental entities in the Middle East, has been analyzed to reveal new components and capabilities. The malware uses a novel service injector to inject the backdoor into running services, and employs several plugins for various malicious activities. The initial infection vector remains unclear, but some organizations were breached via the ProxyLogon vulnerability. The analysis uncovered potential links between EAGERBEE and the CoughingDown threat group, including code similarities and overlapping command and control infrastructure. The malware’s memory-resident architecture and ability to inject code into legitimate processes enhance its stealth capabilities, making detection challenging.
United States (2)Singapore (1)Poland (1)United Kingdom (1)
|
type
|
indicator
|
|
|---|---|---|
| FileHash-MD5 | 183f73306c2d1c7266a06247cedd3ee2 | |
| FileHash-MD5 | 9d93528e05762875cf2d160f15554f44 | |
| FileHash-MD5 | c651412abdc9cf3105dfbafe54766c44 | |
| FileHash-MD5 | 26d1adb6d0bcc65e758edaf71a8f665d | |
| FileHash-MD5 | 35ece05b5500a8fc422cec87595140a7 | |
| IPv4 | 62.233.57.94 | |
| IPv4 | 82.118.21.230 | |
| IPv4 | 194.71.107.215 | |
| IPv4 | 151.236.16.167 | |
| hostname | www.socialentertainments.store |
Post comments (0)