
The code used by this threat actor is copy-pasted from various online forums. On compromised systems, Patchwork immediately searches for documents and uploads them to its C&C, and only if the target is deemed valuable enough does it proceed to install a more advanced second-stage malware.

Clear attribution is not possible from the information available. Cymmetria included an attribution section in the report to document their research efforts on that question.

This is the first targeted threat Cymmetria has captured using a commercial deception product. According to their report, they were able to capture the threat actor's second-stage toolset as well as its lateral movement activity.

The full report can be found here:

All of the IOCs for this report can be found in Cymmetria's GitHub repository. The IOCs are provided in CSV and STIX formats:
