Post List
Theo Chen | Tuesday, Mar 31 2020

We got a new variant of XLoader via a link, http://wrssa[.]xyz, from a scam SMS message in mid-March 2020. It is a new version of XLoader that uses Blogspot and Pinterest to deliver its C&C address and phishing sites.

Theo Chen, Zero Chen | Monday, Feb 17 2020

In July 2019, one of our customers' companies suffered an APT attack, and we started the investigation immediately. During the investigation, we found a brand-new backdoor sample that implements many of its features through the Dropbox API, using Dropbox as a C&C server. After reverse engineering the sample, we extracted the Dropbox token it used, dug into the Dropbox folder, and revealed the whole functional structure.