Analysis of Golang Payload and Information Theft Campaign
Essential information
- Published
- 30/07/2024 16:14
- Modified
- 30/07/2024 16:32
- Tags
- 2024-07-30 apt client.exe espionage exfiltration golang malware pakistan quasar winver.exe
- Related entities
- 8 observables, 1 intrusion sets (apt), 19 techniques (mitre), 2 malware, 1 others
Description
The report details a recent cyber attack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically targeted Pakistan and surrounding nations. The campaign employed a novel Golang malware payload and Quasar RAT to gather sensitive information. The analysis covers the techniques used by the malware, including command execution, screen capturing, and data exfiltration via encrypted channels. The report also provides insights into the group's evolving tactics and expanding arsenal of attack tools.