  • Infostealers rob users of the Ukrainian military system Delta


    Users of the system were infected through emails sent from a compromised mailbox of the Ministry of Defense of Ukraine.

    Delta is a Ukrainian decision-support and battlefield situational-awareness system, created to improve coordination between the various units of the Ukrainian army. Delta integrates with external intelligence sources such as satellites, radars, assorted sensors and cameras, as well as a Telegram chat bot called "e-Vorogh". Each soldier can enter their own observations on the shared map and view data entered by other military units or intelligence services. Every user is assigned an access level matching their combat missions and rank.

    In addition, the system relies on digital certificates for code signing and server authentication. These let the information security controls verify that the application has not been modified and that the server operator is who they claim to be, which is exactly why a "renew your certificate" lure is plausible to a Delta user.

    In this campaign, unknown attackers used a compromised email account of the Ukrainian Ministry of Defense. From it they sent emails to Delta users urging them to renew their certificates as soon as possible in order to keep using the system safely. According to CERT-UA, the malicious emails contained PDF documents with instructions for installing the certificates, as well as links to download a ZIP archive named "certificates_rootCA.zip".

    The archive contains a digitally signed executable named "certificates_rootCA.exe". When run, it drops several DLL files on the victim's system and launches "ais.exe", which mimics a certificate installation process. This step convinces the victim that what is happening is legitimate and lowers their guard.
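    The lure works because a victim who expects to "install certificates" is handed an executable instead of certificate files. The following triage helper, added here as an illustration and not part of the original article or of CERT-UA's tooling, inspects a ZIP archive that claims to be a certificate bundle and flags members that are executables, either by extension or by a PE "MZ" header hiding behind a harmless-looking extension. The archive built inside the block is constructed for the example: the member name "certificates_rootCA.exe" comes from the CERT-UA description, while "rootCA.crt", "instructions.pdf" and all file contents are dummy data, not the real malware.

```python
import io
import zipfile

# File types one would expect in a genuine "root CA certificates" bundle.
CERT_EXTENSIONS = {".crt", ".cer", ".pem", ".der", ".p7b", ".p12", ".pfx"}
# File types that are never needed to install a certificate.
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".pif", ".msi",
                         ".bat", ".cmd", ".ps1", ".vbs", ".js"}
MZ_MAGIC = b"MZ"  # first two bytes of every Windows PE executable


def _extension(name):
    """Lower-case extension (with dot) of the last path component, '' if none."""
    base = name.rsplit("/", 1)[-1].lower()
    return base[base.rfind("."):] if "." in base else ""


def triage_certificate_archive(zip_bytes):
    """Return (member, verdict, reason) for every file in the archive.

    verdict is 'SUSPICIOUS' for executables, 'OK' for certificate files and
    'REVIEW' for anything else. The magic-byte check catches executables
    renamed to .pdf, .crt, etc., which an extension filter alone would miss.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = _extension(name)
            with zf.open(info) as member:
                is_pe = member.read(2) == MZ_MAGIC
            if ext in EXECUTABLE_EXTENSIONS:
                findings.append((name, "SUSPICIOUS",
                                 f"executable type {ext} in a certificate bundle"))
            elif is_pe:
                findings.append((name, "SUSPICIOUS",
                                 f"PE header (MZ) behind extension {ext or '(none)'}"))
            elif ext in CERT_EXTENSIONS:
                findings.append((name, "OK", "certificate file"))
            else:
                findings.append((name, "REVIEW", "unexpected file type"))
    return findings


def is_suspicious(findings):
    """True if any member of the archive was flagged as an executable."""
    return any(verdict == "SUSPICIOUS" for _, verdict, _ in findings)


def build_sample_archive():
    """Constructed lure-like archive (dummy contents, not the real samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Name from the CERT-UA description; body is a fake PE stub.
        zf.writestr("certificates_rootCA.exe", MZ_MAGIC + b"\x00" * 62)
        # Hypothetical: a PE file disguised with a document extension.
        zf.writestr("instructions.pdf", MZ_MAGIC + b"\x00" * 62)
        # Hypothetical benign member so the 'OK' path is exercised.
        zf.writestr("rootCA.crt", b"-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n")
    return buf.getvalue()


def build_benign_archive():
    """Constructed archive containing only certificate files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("rootCA.crt", b"-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n")
        zf.writestr("intermediate.pem", b"-----BEGIN CERTIFICATE-----\nMIIC\n-----END CERTIFICATE-----\n")
    return buf.getvalue()


if __name__ == "__main__":
    for archive in (build_sample_archive(), build_benign_archive()):
        findings = triage_certificate_archive(archive)
        for name, verdict, reason in findings:
            print(f"{verdict:10} {name:28} {reason}")
        print("archive verdict:", "SUSPICIOUS" if is_suspicious(findings) else "clean")
        print()
```

    Note that the check is deliberately independent of code signing: the article states that the lure executable carried a valid digital signature, so "is it signed?" would not have stopped this archive. A certificate bundle that ships an executable is wrong on its structure alone, whoever signed it.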

    The EXE and DLL files are protected with VMProtect, a legitimate commercial protector that wraps code in a custom virtual machine and encrypts its contents. This does not make detection impossible, but it considerably hinders static analysis and signature-based antivirus scanning.

    Nevertheless, CERT-UA specialists were able to analyze two of the DLLs, FileInfo.dll and procsys.dll, which turned out to be malware dubbed FateGrab and StealDeal.

    FateGrab is an infostealer that targets documents and emails with the following extensions: '.txt', '.rtf', '.xls', '.xlsx', '.ods', '.cmd', '.pdf', '.vbs', '.ps1', '.one', '.kdb', '.kdbx', '.doc', '.docx', '.odt', '.eml', '.msg', '.email'. Note that the list includes KeePass databases ('.kdb', '.kdbx') and script files ('.cmd', '.vbs', '.ps1') alongside ordinary office documents.

    StealDeal is also an infostealer, but it targets the victim's browser data instead: browsing history and saved passwords.

    So far, CERT-UA has not attributed this campaign to any known hacker group.

    Author DeepWeb