Track Common Adversary Tasks Performed Using BONDUPDATER
To know more about it, you can go through my detailed document by clicking here
Overview
BONDUPDATER, a PowerShell backdoor used by OilRig was detected in November 2017 and updated in August 2018. It has launched various attack campaigns against the Middle East targeting the government as well as corporate sector organizations via phishing emails from time-to-time.
How Does It Works?
As stated above, this trojan contains a basic backdoor functionality which permits the threat actors to perform various tasks like- upload and download files, execute commands, terminate running processes, add or delete a file, etc. It make use of DNS tunneling to connect with the C&C server.
Mitigation
The following methods might help in mitigating the cyber threat:
- Always maintain web server patching, log audits, and run the the web services with minimum operating system permissions.
- Regularly update the security services of all the apps and operating systems present in your system.
- You should also have a forensics-ready network with centralized event logging, file detonation services, as well as updated asset inventories in order to maintain an efficient incident response.
- Always maintain an updated antivirus and enabled cloud-delivered protection.
- In order to detect any kind of credential dumping or breach, rely on behavioral detection solutions.
To know more about it, you can go through my detailed document by clicking here
Comments
Post a Comment