    Nodaria group uses a new infostealer in attacks on state institutions of Ukraine

    Specialists from the information security company Symantec discovered that the Nodaria group is using new malware to steal data in attacks on state institutions in Ukraine. Symantec security researchers named the malware Graphiron.

    According to Symantec's report, the malware is written in Golang and is designed to collect a wide range of information from an infected computer, including system information, credentials, screenshots, and files.

    Graphiron is an improved version of the GraphSteel backdoor, with features for running shell commands and collecting system information, files, credentials, screenshots, and SSH keys. The earliest evidence of Graphiron use is from October 2022, and it was used in attacks until at least mid-January 2023.

    The infection chain has two stages. When executed, the loader (stage 1) checks for the presence of certain malware analysis tools. If none are found, it connects to the C2 server, downloads and decrypts the Graphiron payload (stage 2), and then adds it to autorun.

    The payload is capable of performing the following tasks:

    • Retrieves hostname, system information, and user information;
    • Steals data from Firefox and Thunderbird;
    • Steals private keys from MobaXTerm;
    • Steals known SSH hosts;
    • Steals data from PuTTY;
    • Steals saved passwords;
    • Takes screenshots;
    • Creates a directory;
    • Lists a directory;
    • Runs a shell command;
    • Steals arbitrary files.
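
For defenders, the list above suggests a behavioural signal: a single process reading several unrelated credential stores that it does not own. The following is an added example, not code from Symantec's report or from the malware; the store paths are assumed default locations, and the event tuples and process names are constructed sample data.

```python
import re
from collections import defaultdict

# Assumed default locations of the stores named in the list above (not from the report).
STORES = {
    "firefox": re.compile(r"\\Mozilla\\Firefox\\Profiles\\", re.I),
    "thunderbird": re.compile(r"\\Thunderbird\\Profiles\\", re.I),
    "mobaxterm": re.compile(r"\\MobaXterm\\", re.I),
    "ssh_known_hosts": re.compile(r"\\\.ssh\\known_hosts$", re.I),
    "putty": re.compile(r"\\Software\\SimonTatham\\PuTTY\\", re.I),
}
# Each application is expected to read its own store; those reads are ignored.
OWNERS = {"firefox": {"firefox.exe"}, "thunderbird": {"thunderbird.exe"},
          "mobaxterm": {"mobaxterm.exe"}, "ssh_known_hosts": {"ssh.exe"},
          "putty": {"putty.exe", "pscp.exe"}}

def classify(target):
    """Map an accessed file or registry path to a credential store name, or None."""
    for name, pattern in STORES.items():
        if pattern.search(target):
            return name
    return None

def flag_multi_store_readers(events, threshold=3):
    """Return {process: sorted stores} for processes touching >= threshold foreign stores."""
    seen = defaultdict(set)
    for proc, target in events:
        store = classify(target)
        if store and proc.lower() not in OWNERS[store]:
            seen[proc.lower()].add(store)
    return {p: sorted(s) for p, s in seen.items() if len(s) >= threshold}

# Constructed sample events: (process image name, file or registry path accessed).
SAMPLE = [
    ("firefox.exe", r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\ab.default\logins.json"),
    ("putty.exe", r"HKCU\Software\SimonTatham\PuTTY\Sessions\srv1"),
    ("updater.exe", r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\ab.default\key4.db"),
    ("updater.exe", r"C:\Users\u\AppData\Roaming\Thunderbird\Profiles\cd.default\logins.json"),
    ("updater.exe", r"C:\Users\u\.ssh\known_hosts"),
    ("updater.exe", r"HKCU\Software\SimonTatham\PuTTY\SshHostKeys"),
    ("backup.exe", r"C:\Users\u\.ssh\known_hosts"),
]

if __name__ == "__main__":
    for proc, stores in flag_multi_store_readers(SAMPLE).items():
        print(f"ALERT {proc}: read {len(stores)} credential stores: {', '.join(stores)}")
```

The threshold and the owner allowlist need tuning per environment, since backup and endpoint agents legitimately touch several of these locations.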

    The Nodaria group is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0056 and was first discovered in January 2022. At that time, the group used the SaintBot and OutSteel malware in spear-phishing attacks aimed at Ukrainian government institutions.

    The group, which experts say has been active since at least April 2021, has repeatedly used dedicated GraphSteel and GrimPlant backdoors in various campaigns. Separate incursions also entailed the delivery of the Cobalt Strike Beacon for later exploitation.

    Author DeepWeb