    Nodaria group uses a new infostealer in attacks on state institutions of Ukraine

    Specialists from the information security company Symantec discovered that the Nodaria group is using new malware to steal data in attacks on state institutions in Ukraine. Symantec security researchers named the malware Graphiron.

    According to Symantec's report, the malware is written in Golang and is designed to collect a wide range of information from an infected computer, including system information, credentials, screenshots, and files.

    Graphiron is an improved version of the GraphSteel backdoor, with features for running shell commands and collecting system information, files, credentials, screenshots, and SSH keys. The earliest evidence of Graphiron use is from October 2022, and it was used in attacks until at least mid-January 2023.

    In addition, analysis of the infection chain shows two stages. The loader (stage 1) checks for the presence of certain malware analysis tools when executed. If none are found, it connects to the C2 server, downloads and decrypts the Graphiron payload (stage 2), and then adds it to autorun.

    The payload is capable of performing the following tasks:

    • Retrieves hostname, system information, and user information;
    • Steals data from Firefox and Thunderbird;
    • Steals private keys from MobaXTerm;
    • Steals known SSH hosts;
    • Steals data from PuTTY;
    • Steals saved passwords;
    • Takes screenshots;
    • Creates a directory;
    • Lists a directory;
    • Runs a shell command;
    • Steals arbitrary files.
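
    The collection behaviour listed above can be surfaced from endpoint telemetry as a single process that reads several unrelated credential stores it does not own. The following is an added example, not taken from Symantec's report: the store locations are the applications' usual defaults, and the event schema, process names and sample events are constructed.

```python
import re
from collections import defaultdict
from ntpath import basename

# store -> (pattern for the accessed path, images expected to read it)
# Assumption: default application locations, not paths from the report.
STORES = {
    "firefox": (re.compile(r"\\mozilla\\firefox\\profiles\\", re.I), {"firefox.exe"}),
    "thunderbird": (re.compile(r"\\thunderbird\\profiles\\", re.I), {"thunderbird.exe"}),
    "putty": (re.compile(r"\\software\\simontatham\\putty", re.I), {"putty.exe", "pageant.exe"}),
    "mobaxterm": (re.compile(r"\\mobaxterm", re.I), {"mobaxterm.exe"}),
    "known_hosts": (re.compile(r"\\\.ssh\\known_hosts$", re.I), {"ssh.exe", "scp.exe", "sftp.exe"}),
}

def classify(image, target):
    """Return the store name if `image` is not an expected reader of `target`."""
    exe = basename(image).lower()
    for name, (pattern, owners) in STORES.items():
        if pattern.search(target):
            return None if exe in owners else name
    return None

def flag_collectors(events, threshold=3):
    """Map (host, image) -> stores, for processes touching >= threshold foreign stores."""
    seen = defaultdict(set)
    for ev in events:
        store = classify(ev["image"], ev["target"])
        if store:
            seen[(ev["host"], ev["image"])].add(store)
    return {key: sorted(stores) for key, stores in seen.items() if len(stores) >= threshold}

# Constructed sample telemetry (hypothetical schema: host, image, target).
SAMPLE_EVENTS = [
    {"host": "WS01", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "target": r"C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json"},
    {"host": "WS01", "image": r"C:\Users\a\AppData\Local\Temp\updater.exe",
     "target": r"C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\key4.db"},
    {"host": "WS01", "image": r"C:\Users\a\AppData\Local\Temp\updater.exe",
     "target": r"HKU\S-1-5-21-0\Software\SimonTatham\PuTTY\SshHostKeys"},
    {"host": "WS01", "image": r"C:\Users\a\AppData\Local\Temp\updater.exe",
     "target": r"C:\Users\a\.ssh\known_hosts"},
    {"host": "WS01", "image": r"C:\Tools\backup.exe",
     "target": r"C:\Users\a\AppData\Roaming\Thunderbird\Profiles\y.default\prefs.js"},
]

if __name__ == "__main__":
    for (host, image), stores in flag_collectors(SAMPLE_EVENTS).items():
        print(host, image, stores)
```

    The threshold keeps single-store readers such as backup tools out of the results; lower it only after allow-listing the software known to touch these paths in your environment.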

    The Nodaria group is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0056 and was first discovered in January 2022. At that time, the group used the SaintBot and OutSteel malware in spear-phishing attacks aimed at Ukrainian government institutions.

    The group, which experts say has been active since at least April 2021, has repeatedly used dedicated GraphSteel and GrimPlant backdoors in various campaigns. Separate incursions also entailed the delivery of the Cobalt Strike Beacon for later exploitation.

    Author DeepWeb