Cert2Connect

Turla A Master of Deception

This report details a recent campaign by the Turla threat group involving malicious LNK files that deliver a fileless backdoor. The attack leverages compromised websites PowerShell scripts and MSBuild to deploy the payload which employs various evasion techniques like disabling security features memory patching and AMSI bypass. The malware establishes communication with its command and control servers and is capable of executing additional PowerShell scripts. The analysis also provides insights into the malwares capabilities including its anti-detection mechanisms and ability to report information back to its operators.
Overview

WILT U WETEN HOE DIT RISICO
UITGEBANNEN KAN WORDEN?

Wij helpen je graag. Indien gewenst geven we graag een presentatie of demo van onze oplossingsaanpak. Je vindt ons ook regelmatig op beurzen en events. Volg de evenementenpagina op deze site of meld je aan via de contactpagina voor onze nieuwsbrief.

Maak een afspraak