Track Common Adversary Tasks Performed Using BadPatch

To know more about it, you can go through my detailed document by clicking here

Overview

BadPatch is a Windows trojan that was used in a Gaza Hackers-linked campaign. It was first detected in 2017 and spreads via phishing emails carrying macro-laced attachments that deliver the malware payload. Although it attacks only Windows systems, there is evidence of it being used to target Android devices via a bogus app.

Capabilities

After successful infiltration, BadPatch may allow the attackers to:
  • Collect information about the host's hardware and software.
  • Look for certain filetypes and filenames, which will be targeted for exfiltration.
  • Swap between SMTP and HTTP C&C (Command & Control) servers.
  • Take screenshots of the active windows and the user's desktop.
  • Execute a keylogging module that would trace the keystrokes of the victim.


Remedy

The following measures may help in the prevention and mitigation of this trojan:
  • Keep applications regularly updated in order to protect against known vulnerabilities;
  • Validate user input so that local as well as remote file inclusion vulnerabilities can be restricted;
  • Use a web application firewall, regular signature-based virus checks, application fuzzing, code reviews, server network analysis, and similar controls;
  • Run regular system and application vulnerability scans to highlight any possible areas of concern.