
The code used by this threat actor is copy-pasted from various online forums. On compromised systems, Patchwork immediately searches for documents and uploads them to its C&C, and only if the target is deemed valuable enough does it proceed to install a more advanced second-stage malware.
Clear attribution is not possible from the information available. Cymmetria nonetheless included an attribution section in the report to record their research efforts in that direction.
It is the first targeted threat Cymmetria captured using a commercial deception product. According to their report, they were able to catch the threat actor's second-stage toolset, as well as lateral movement activity.
The full report can be found here: https://cymmetria.com/patchwork-targeted-attack/
All of the IOCs for this report can be found in Cymmetria's GitHub repository. The IOCs are provided in CSV and STIX formats.