IT threat evolution Q3 2023
SecureList
DECEMBER 1, 2023
However, they included an additional module that constantly monitored the messenger and sent data to the spyware creator’s C2 server. Upon startup, this backdoor makes a type A DNS request for the <hex-encoded 20-byte string>.u.fdmpkg[.]org domain. Instead, it tried to exploit the CVE-2017-0199 vulnerability.