GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia

Score: 80/100 Kaspersky Securelist 4 hours ago Part of cluster #1187

Table of Contents GhostContainer: the backdoor Stub: C2 parser and dispatcher App_Web_843e75cf5b63: virtual page injector App_Web_8c9b251fb5b3: web proxy StrUtils: string and XML format processing class Infrastructure Victims Attribution Conclusions Indicators of compromise GReAT In a recent incident response (IR) case, we discovered highly customized malware targeting Exchange infrastructure within government environments. Analysis of detection logs and clues within the sample suggests that the...

Continue Reading on Original Site

Recommended Articles

Oracle-Lücke birgt Gefahr für RCE-Attacken

Threat Intelligence

Ransomware 6

Malware 1

reGeorg

MITRE ATT&CK 1

Proxy

Business Intelligence

Companies 1

Microsoft

Platforms 5

Container Exchange Server IIS Microsoft Exchange Windows

Technical Indicators

CVEs 1

CVE-2020-0688

Domains

ASP.NET

ExchangeCmdPy.py

File Hashes

01d98380dfb92112...

Information

Article ID: #3602
Published: 4 hours ago
Source: Kaspersky Securelist

GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia

Recommended Articles

Oracle-Lücke birgt Gefahr für RCE-Attacken

Mobile Forensics Tool Used by Chinese Law Enforcement Dissected

China-linked hackers target Taiwan chip firms in a coordinated espionage campaign

Security Vulnerabilities in ICEBlock

Cisco Patches Another Critical ISE Vulnerability

Recommended Articles

Oracle-Lücke birgt Gefahr für RCE-Attacken

Mobile Forensics Tool Used by Chinese Law Enforcement Dissected

China-linked hackers target Taiwan chip firms in a coordinated espionage campaign

Security Vulnerabilities in ICEBlock

Cisco Patches Another Critical ISE Vulnerability

Save to Folder

We use cookies

Cookie Settings

Essential Cookies

Analytics Cookies

Performance Cookies

Marketing Cookies