In 2016, Bitdefender uncovered a new advanced persistent threat dubbed Pacifier, targeting government institutions starting in 2014. Using malicious .doc documents and .zip files distributed via spear phishing e-mails, attackers would lure victims with invitations to social functions or conferences into executing the attachments. Our previous analysis of the Pacifier components revealed that it’s capable of dropping multi-stage backdoors and that the analyzed first stage dropper is also known as “Skipper” by other security vendors.
Our new whitepaper covers an in-depth analysis of the three new backdoor modules, as well a short description of their capabilities and features.
*** This is a Security Bloggers Network syndicated blog from Bitdefender Labs authored by Liviu Arsene. Read the original post at: https://labs.bitdefender.com/2017/09/three-new-pacifier-apt-components-point-to-russian-linked-turla-group/