Antlion APT group used a custom backdoor that allowed them to fly under the radar for months
Security Affairs
FEBRUARY 3, 2022
The xPack backdoor is a .NET loader that fetches and executes AES-encrypted payloads; it supports multiple commands. Attackers also used legitimate versions of WinRAR for data exfiltration and batch scripts to automate the data collection process.” concludes the report that includes IoCs and Yara Rules.