Track Common Adversary Tasks Performed Using adbupd

To know more about it, you can go through my detailed document by clicking here

Overview

PLATINUM makes use of various backdoors to infect or attack a computer; one of them is adbupd, which is considered a non-essential file for the Windows OS and not likely to cause any problems on its own. However, if not handled carefully, it can be used as a backdoor to deliver corrupted files.

Features

Some of its salient features are as follows:
  • It can be installed automatically under various file names within the Program Files directory.
  • Plug-ins are supported in order to modularize its functionality.
  • The OpenSSL library is included to encrypt data while it is being sent or received.
  • It also has functionality to copy cmd.exe.
  • Its configuration file is the same as that of the original Dipsind family.
  • It can use various methods for persistence, such as WMI/MOF compiled scripts.
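As an added illustration (this is not code from the original post, nor from any published PLATINUM analysis), the following PowerShell functions give a defender two checks that correspond to the features listed above: enumerating permanent WMI event subscriptions, which is where MOF-compiled persistence ends up, and locating unmodified copies of cmd.exe stored under another name in the Program Files directories by comparing file hashes. Both function names are my own; the script assumes Windows PowerShell 5.1 or later run from an elevated prompt, and it knows nothing about the specific file names adbupd uses, since the post does not list them.

```powershell
# Added example, not part of the original post. Assumes Windows PowerShell 5.1+
# run with administrator rights (reading root\subscription needs elevation).

function Get-WmiEventSubscription {
    # Lists the three object types that make up a permanent WMI event
    # subscription. MOF files compiled with mofcomp.exe create exactly these
    # objects, which is how WMI/MOF-based persistence survives reboots.
    # Legitimate entries exist (e.g. the built-in "SCM Event Log Filter"),
    # so review the output rather than removing everything it returns.
    $ns = 'root\subscription'

    [pscustomobject]@{
        Filters = Get-CimInstance -Namespace $ns -ClassName __EventFilter |
                  Select-Object Name, EventNamespace, Query
        CommandLineConsumers = Get-CimInstance -Namespace $ns -ClassName CommandLineEventConsumer |
                  Select-Object Name, ExecutablePath, CommandLineTemplate
        ScriptConsumers = Get-CimInstance -Namespace $ns -ClassName ActiveScriptEventConsumer |
                  Select-Object Name, ScriptingEngine, ScriptFileName, ScriptText
        Bindings = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding |
                  Select-Object Filter, Consumer
    }
}

function Find-CmdExeCopy {
    # Finds executables under the Program Files trees whose SHA-256 hash equals
    # that of the system's cmd.exe, i.e. byte-for-byte copies stored under
    # another name. A copy that was altered after copying will not match and
    # needs other checks (Authenticode signature, version info, creation time).
    param([string[]]$Root)

    if (-not $Root) {
        # Both Program Files trees; the x86 one is absent on 32-bit Windows.
        $Root = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    }

    # On 64-bit Windows the 64-bit and 32-bit cmd.exe differ, so keep both hashes.
    $refHashes = @("$env:SystemRoot\System32\cmd.exe", "$env:SystemRoot\SysWOW64\cmd.exe") |
        Where-Object { Test-Path -LiteralPath $_ } |
        ForEach-Object { (Get-FileHash -Algorithm SHA256 -LiteralPath $_).Hash }

    Get-ChildItem -Path $Root -Filter *.exe -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $h = (Get-FileHash -Algorithm SHA256 -LiteralPath $_.FullName -ErrorAction SilentlyContinue).Hash
            if ($h -and $refHashes -contains $h) {
                [pscustomobject]@{
                    Path          = $_.FullName
                    SizeBytes     = $_.Length
                    LastWriteTime = $_.LastWriteTime
                    SHA256        = $h
                }
            }
        }
}

# Usage (elevated prompt):
Get-WmiEventSubscription | Format-List
Find-CmdExeCopy | Format-Table -AutoSize
```

The WMI check is only meaningful against a baseline: compare the output with a known-clean host of the same build, and treat any CommandLineEventConsumer or ActiveScriptEventConsumer you cannot explain as worth investigating. The hash check is deliberately narrow; it catches the exact-copy behaviour described above and nothing else, so an empty result does not clear a machine.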

Identity

Although the original identity of the PLATINUM attacker is still unknown, we can deduce the following factors:
  • Using Multiple Backdoors: As explained above, PLATINUM uses multiple backdoors, which implies that a whole team of threat actors is working against varying victim networks.
  • Zero-Day Exploits: It has continuously used various zero-day exploits against its victims, which requires a considerable monetary investment.
  • Victim Geography: They always research their victims, which are mainly related to the government sector of South and South-East Asia.
  • Tools: Usage of tools like a port-knocking backdoor, etc. points to organized thinking as well as an ability to adapt to the victim's networks, proving that their resources are well maintained and developed accordingly.

Remedy

In order to avoid issues with adbupd, your computer must be kept clean by frequently scanning for any kind of malware, cleaning your hard drive, uninstalling programs no longer in use, and enabling Windows' automatic update feature; and lastly, never forget to perform periodic backups or to assign restore points.
