IT threat evolution Q3 2023
SecureList
DECEMBER 1, 2023
However, they included an additional module that constantly monitored the messenger and sent data to the spyware creator’s C2 server. Upon startup, this backdoor makes a type A DNS request for the <hex-encoded 20-byte string> u.fdmpkg[.]org An Excel document was attached to the message. org domain.
Let's personalize your content