GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon
Security Affairs
MARCH 28, 2022
The phishing messages use a RAR archive named “Saboteurs.rar”, which contains the RAR archive “Saboteurs 21.03.rar.” “The archive contains documents and images of the bait, as well as VBScript code (Thumbs.db), which will create and run the .NET program ‘dhdhk0k34.com.’”