GhostWriter APT targets state entities of Ukraine with Cobalt Strike BeaconĀ
Security Affairs
MARCH 28, 2022
The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.” “The archive contains documents and images of the bait, as well as VBScript code (Thumbs.db), which will create and run the.NET program “dhdhk0k34.com.” Pierluigi Paganini.
Let's personalize your content