Category: Dropper


Black Window 10 v2

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

APTAPT reportsDropperFeaturedMalware DescriptionsSecurity FeedsSofacySpear PhishingTargeted Attacks

A Zebrocy Go Downloader

Last year at SAS2018 in Cancun, Mexico, “Masha and these Bears” included discussion of a subset of Sofacy activity and malware that we call “Zebrocy”, and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was initially introduced as a Sofacy backdoor package in 2015, but the Zebrocy cluster has carved a new approach to malware development and delivery to the world of Sofacy. In line with this approach, we will present more on this…

APTAPT reportsCyber espionageDropperFeaturedRussian-speaking cybercrimeSecurity FeedsTargeted Attacks

Octopus-infested seas of Central Asia

For the last two years we have been monitoring a Russian-language cyberespionage actor that focuses on Central Asian users and diplomatic entities. We named the actor DustSquad and have provided private intelligence reports to our customers on four of their campaigns involving custom Android and Windows malware. In this blogpost we cover a malicious program for Windows called Octopus that mostly targets diplomatic entities. The name was originally coined by ESET in 2017 after the 0ct0pus3.php script used by the actor on their old…

DropperGitGitBackdorizerHookMacNEW TOOLSParameter

GitBackdorizer – Is A Proof Of Concept That Uses The Lack Of User Attention To Steal Git Access Credentials

GitBackdorizer is a proof of concept, fully inspired in Ulisses Castro's 50 ton of backdoors talk, that abuses the lack of user attention to steal git access credentials.How it WorksGitBackdorizer consists of three pieces: handler, dropper and the payload.HandlerThe handler sets up a HTTP server to capture the credentials and offers a menu to configure the dropper's payload. The dropper delivery is responsability of the attacker.DropperThe dropper is designed to have the highest possible compatibility, avoiding any non-sh specific feature. It works by:Identify if…

Antivirus EvasionAntivirus TestingAv EvasionDropperEndpoint BypassLoaderMeterpreter Reverse HTTPNEW TOOLSReverse HTTPSpookFlarex86

SpookFlare v2.0 – Loader, Dropper Generator With Multiple Features For Bypassing Client-Side And Network-Side Countermeasures

SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader/dropper generator for Meterpreter, Empire, Koadic etc. SpookFlare has obfuscation, encoding, run-time code compilation and character substitution features. So you can bypass the countermeasures of the target systems like a boss until they "learn" the technique and behavior of SpookFlare payloads.ObfuscationEncodingRun-time Code CompilingCharacter SubstitutionPatched Meterpreter Stage SupportBlocked powershell.exe Bypass ___ ___ ___ ___ _…