A new wave of distribution began on 22 August.
The script is a downloader whose main task is to download and run the executable file (module) load.exe, which becomes the intruders' entry point.
The malicious file collects information about the victim’s computer and sends it to the attackers' command centers. The same file then waits for instructions from the attackers to install additional modules. These modules turn the victim’s computer into whatever resource the attackers want: a backdoor through which they can infiltrate the infrastructure, bypassing its protection; a keylogger that records keystrokes and sends them to the command centers; a scanner that gathers information about the compromised infrastructure; and much more.
At the moment the site cannot be accessed. In its place is a placeholder page stating that the resource has been blocked by the administrator of the hosting provider Besthosting.
“Perhaps the attackers used a vulnerability in the site to host the malicious file, or this is a result of the NotPetya attack of 27.06.2017 (the attackers left themselves a possibility of unauthorized entry and have now used it). So maybe this is the first “swallow” of preparations for a full-scale cyber-attack before the holidays,” say the experts at ISSP Labs.