New TorNet backdoor seen in widespread campaign

Published 28/01/2025 17:19 · Modified 29/01/2025 12:32

Essential information

Published
28/01/2025 17:19
Modified
29/01/2025 12:32
Tags
2025-01-28 agent-tesla backdoor evasion phishing poland purecrypter snake keylogger tor network tornet
Related entities
17 techniques (mitre), 4 malware, 5 others

Description

A financially motivated threat actor has been conducting a malicious campaign since July 2024, primarily targeting users in and Germany. The campaign uses emails impersonating financial institutions and companies to deliver various payloads, including a new called . The actor employs sophisticated techniques such as disconnecting victims from the network before payload delivery and using the for stealthy communications. The can receive and run arbitrary .NET assemblies, expanding the attack surface. The campaign also utilizes malware, which performs anti-analysis checks and establishes persistence through Windows scheduled tasks. The attackers demonstrate advanced techniques and the ability to adapt their tactics for maximum effectiveness.

External references