otx.alienvault.com
143.204.98.16  Public Scan

URL: https://otx.alienvault.com/pulse/61a7a4ab87dda2ec4c035c7e/edit?utm_userid=swimlanecyou&utm_content=email&utm_campaign=new_p...
Submission: On December 01 via api from US — Scanned from DE

CAMPAIGN ABUSING LEGITIMATE REMOTE ADMINISTRATOR TOOLS USES FAKE CRYPTOCURRENCY WEBSITES

 * Created 30 minutes ago by AlienVault
 * Public
 * TLP: White

Trend Micro has been tracking a campaign involving the SpyAgent malware, which
abuses well-known remote access tools (RATs) such as TeamViewer, for some time.
Earlier versions of the malware have been covered by other researchers; Trend
Micro's blog entry focuses on the actor's latest attacks. Trend Micro observed a
new cryptocurrency-themed campaign that abuses a legitimate Russian remote
administration tool, Safib Assistant, through a newer version of SpyAgent. The
tool is abused via DLL sideloading: a malicious DLL is placed where the
legitimate executable loads it instead of the intended library. Once loaded, the
DLL hooks and patches various API functions called by the RAT so that the RAT's
windows are hidden from the user.
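The sideloading step above leaves a hunting signal in endpoint telemetry: the legitimate tool's process loads a DLL that is either unsigned and sitting in the tool's own directory, or carries a Windows system DLL name but is loaded from somewhere other than System32/SysWOW64. The following is an added detection example written for this page; it is not code from Trend Micro or AlienVault. It runs over constructed Sysmon Event ID 7 (ImageLoad) records embedded inline, and the executable name "safib_assistant.exe", the DLL names and the paths are assumptions chosen for illustration, not indicators from the report.

```python
"""Flag DLL sideloading by remote-administration tools in Sysmon ImageLoad records.

Added example for the pulse above; it is not code from Trend Micro or AlienVault.
The Sysmon Event ID 7 records are constructed inline, and the executable names,
DLL names and paths are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from typing import Optional
import ntpath

# Image names of remote-administration tools to watch (ATT&CK T1219).
# TeamViewer is named in the pulse; "safib_assistant.exe" is an assumed name.
REMOTE_ADMIN_IMAGES = {"teamviewer.exe", "safib_assistant.exe"}

# Directories from which Windows system DLLs are expected to be loaded.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# System DLL names frequently planted next to an EXE for sideloading
# (generic list, not taken from the report).
COMMON_HIJACK_NAMES = {"version.dll", "dwmapi.dll", "uxtheme.dll",
                       "cryptbase.dll", "wtsapi32.dll"}


@dataclass(frozen=True)
class Finding:
    process: str
    dll: str
    reason: str


def _dir(path: str) -> str:
    return ntpath.dirname(path).lower()


def _name(path: str) -> str:
    return ntpath.basename(path).lower()


def _is_trusted(event: dict) -> bool:
    """Sysmon records Signed and SignatureStatus for each loaded image."""
    return (event.get("Signed", "false").lower() == "true"
            and event.get("SignatureStatus", "").lower() == "valid")


def check_image_load(event: dict) -> Optional[Finding]:
    """Return a Finding if one Event ID 7 record looks like sideloading, else None."""
    image, loaded = event["Image"], event["ImageLoaded"]
    if _name(image) not in REMOTE_ADMIN_IMAGES or not loaded.lower().endswith(".dll"):
        return None
    if _is_trusted(event):
        return None  # signed, valid DLLs are the expected case for a vendor tool
    if _name(loaded) in COMMON_HIJACK_NAMES and _dir(loaded) not in SYSTEM_DIRS:
        return Finding(image, loaded,
                       "system DLL name loaded from outside the system directory")
    if _dir(loaded) == _dir(image):
        return Finding(image, loaded,
                       "unsigned DLL loaded from the tool's own directory")
    return None


def hunt(events) -> list:
    """Apply the rule to a sequence of ImageLoad records and collect the hits."""
    return [f for f in map(check_image_load, events) if f is not None]


# Constructed records (not real telemetry) covering the cases the rule must separate.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\TeamViewer\TeamViewer.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},            # normal system load
    {"Image": r"C:\Program Files\TeamViewer\TeamViewer.exe",
     "ImageLoaded": r"C:\Program Files\TeamViewer\tv_w32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},            # vendor DLL, signed
    {"Image": r"C:\Users\victim\Downloads\wallet\safib_assistant.exe",
     "ImageLoaded": r"C:\Users\victim\Downloads\wallet\version.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},     # planted system-name DLL
    {"Image": r"C:\Users\victim\Downloads\wallet\safib_assistant.exe",
     "ImageLoaded": r"C:\Users\victim\Downloads\wallet\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},     # unsigned DLL beside the EXE
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Users\victim\AppData\Local\Temp\x.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},     # not a watched process
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f.process} loaded {f.dll}: {f.reason}")
```

Run against the constructed records, only the two Safib Assistant loads are flagged; the signed TeamViewer loads and the unrelated notepad.exe load are ignored. In production the watch list should be driven by the remote-admin tools actually permitted in the environment, and any hit should be pivoted on the DLL hash and the process's network connections, since the hidden-window patching described above leaves no log line of its own.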

Reference:
https://www.trendmicro.com/en_us/research/21/k/campaign-abusing-rats-uses-fake-websites.html
Tags:
spyagent, safib assistant
Group:
Cryptocurrency Cybersecurity
Industry:
Finance
Targeted Country:
Russian Federation
Malware Families:
SpyAgent, Safib Assistant
ATT&CK IDs:
T1566 - Phishing, T1140 - Deobfuscate/Decode Files or Information, T1568 - Dynamic Resolution, T1005 - Data from Local System, T1219 - Remote Access Software

 * Indicators of Compromise (76)
 * Related Pulses (4)
 * Comments (0)
 * History (0)



 * © Copyright 2021 AlienVault, Inc.