Track Common Adversary Tasks Performed Using BADCALL

To know more about it, you can go through my detailed document by clicking here

Overview

BADCALL, a trojan used by the Lazarus Group, can make an infected system work as a proxy server. It has been seen in three different variants, each a 32-bit Windows executable.

How Does It Work?

First, the malware disables the Windows Firewall, binds a specific network port, and listens for incoming connections. The attackers then connect to the compromised host using a fake Transport Layer Security (TLS) handshake and an ASCII code that authenticates their connection to BADCALL. Once authenticated, the threat actors can command the malware to use the compromised system as a proxy server.
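The setup sequence above (firewall switched off, then a new listener on the same host) is something a defender can correlate from host telemetry. The following is an added example and not code from the original post or from any BADCALL analysis; the event records, hostnames, timestamps and field names are constructed here to resemble firewall-setting-change and new-listening-socket telemetry.

```python
"""Flag hosts where a listening socket appears shortly after the firewall is disabled,
the order of operations BADCALL uses before acting as a proxy."""
from datetime import datetime, timedelta

# Constructed sample telemetry (hypothetical schema): (time, host, kind, detail).
# "firewall_change" stands in for a firewall-profile setting change record;
# "listen" stands in for a new listening-socket record.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", "WS-01", "firewall_change", "profile=Domain EnableFirewall=0"),
    ("2024-05-01T09:00:05", "WS-01", "listen", "pid=4412 image=C:\\Users\\Public\\svchost.exe port=443"),
    ("2024-05-01T09:20:00", "WS-02", "firewall_change", "profile=Public EnableFirewall=0"),
    ("2024-05-01T09:25:00", "WS-02", "firewall_change", "profile=Public EnableFirewall=1"),
    ("2024-05-01T09:30:00", "WS-02", "listen", "pid=912 image=C:\\Windows\\System32\\svchost.exe port=135"),
    ("2024-05-01T10:00:00", "WS-03", "firewall_change", "profile=Public EnableFirewall=0"),
    ("2024-05-01T12:00:00", "WS-03", "listen", "pid=7000 image=C:\\Temp\\a.exe port=8080"),
]


def _kv(detail):
    """Parse a 'key=value key=value' detail string into a dict."""
    return dict(item.split("=", 1) for item in detail.split())


def find_proxy_setup(events, window_minutes=10):
    """Return (host, port, image) for each listener that starts on a host within
    window_minutes after that host's firewall was disabled and not re-enabled."""
    window = timedelta(minutes=window_minutes)
    disabled_at = {}  # host -> time the firewall was most recently disabled
    hits = []
    for ts, host, kind, detail in sorted(events):  # ISO timestamps sort chronologically
        t = datetime.fromisoformat(ts)
        fields = _kv(detail)
        if kind == "firewall_change":
            if fields.get("EnableFirewall") == "0":
                disabled_at[host] = t
            else:
                disabled_at.pop(host, None)  # firewall back on: clear the pending state
        elif kind == "listen" and host in disabled_at and t - disabled_at[host] <= window:
            hits.append((host, int(fields["port"]), fields["image"]))
    return hits


if __name__ == "__main__":
    for host, port, image in find_proxy_setup(SAMPLE_EVENTS):
        print(f"ALERT {host}: {image} listening on {port} right after firewall disabled")
```

A listener on a host whose firewall was turned off minutes earlier is the cue to inspect the process and its connection pattern; in practice the two record kinds would come from the Windows firewall event log and from socket telemetry such as netstat or an EDR sensor.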

Prevention

The following steps can help in mitigating the malware:
  • Be careful when opening attachments or links in unsolicited email.
  • Regularly update the operating system, antivirus, and other security products.
  • Use a non-administrative account for day-to-day activities such as web browsing and email.
  • Apply strong password policies and retire passwords that have already been used.
  • Regularly monitor the network, proxy, and firewall logs.
  • User accounts accessed from infected machines must be reset on a clean device.
