
TaxOff: You've Got a Backdoor...

· Published 03/12/2024 16:26 · Modified 03/12/2024 16:50

Essential information

Published
03/12/2024 16:26
Modified
03/12/2024 16:50
Tags
2024-12-03 code injection espionage keylogging phishing russian government trinper backdoor
Related entities
11 observables, 1 intrusion sets (apt), 14 techniques (mitre), 1 malware, 2 others

Description

A sophisticated threat group named TaxOff has been discovered targeting Russian government agencies. The group uses phishing emails with legal and financial themes to deliver the Trinper backdoor, a multithreaded C++ malware with advanced features. Trinper employs STL containers, custom serialization, and a buffer cache for improved performance. It can inject code, manipulate files, execute commands, and perform keylogging. The backdoor communicates with its command-and-control servers over encrypted channels and uses domain fronting to hide the true destination behind a legitimate hostname. TaxOff's combination of convincing social engineering and a complex backdoor makes their attacks particularly dangerous and difficult to detect.
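The description notes that Trinper relies on domain fronting for its C2 traffic. One practical hunting check for that technique is to correlate the TLS SNI seen on the wire with the HTTP Host header recovered by a TLS-inspecting proxy and flag connections where the two name different domains. The script below is an added example written for this page; it is not code from the report or from Positive Technologies, and the log layout, field names and hostnames in SAMPLE_LOG are constructed for illustration, not indicators from the TaxOff campaign.

```python
"""Flag possible domain fronting in constructed proxy/TLS logs (added example).

Domain fronting puts a benign hostname in DNS and the TLS SNI while the HTTP
Host header inside the encrypted tunnel names the real backend. A proxy that
terminates TLS can see both values; a mismatch across registrable domains is
a strong hunting signal. Everything below (format, hosts, IPs) is constructed.
"""
from dataclasses import dataclass
from typing import List

# Constructed sample records, one per TLS connection. Tab-separated fields:
# ts, src, dst, sni, http_host. The last record has no Host header at all.
SAMPLE_LOG = """\
1733230000.1\t10.0.0.5\t203.0.113.10\tcdn.example.net\tcdn.example.net
1733230001.4\t10.0.0.5\t203.0.113.10\tcdn.example.net\tupdate-files.example.org
1733230002.9\t10.0.0.7\t198.51.100.22\twww.example.com\tWWW.EXAMPLE.COM:443
1733230003.2\t10.0.0.9\t203.0.113.10\tcdn.example.net\timg.cdn.example.net
1733230004.0\t10.0.0.5\t203.0.113.10\tcdn.example.net\t
"""

FIELDS = 5


@dataclass
class Connection:
    ts: float
    src: str
    dst: str
    sni: str
    host: str


def parse_log(text: str) -> List[Connection]:
    """Parse the constructed tab-separated format into Connection records."""
    records = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        parts = raw.rstrip("\n").split("\t")
        parts += [""] * (FIELDS - len(parts))  # pad a trailing empty Host
        ts, src, dst, sni, host = parts[:FIELDS]
        records.append(Connection(float(ts), src, dst, sni, host))
    return records


def normalize(name: str) -> str:
    """Lower-case, drop a trailing dot and an explicit :port."""
    n = name.strip().lower().rstrip(".")
    if ":" in n and not n.startswith("["):
        n = n.split(":", 1)[0]
    return n


def registrable_suffix(name: str) -> str:
    """Approximate the registrable domain as the last two labels.

    Good enough for the example; a real deployment would use the public
    suffix list so that e.g. host.co.uk is handled correctly.
    """
    labels = name.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name


def is_fronting_candidate(conn: Connection) -> bool:
    """True when SNI and Host name different registrable domains."""
    sni, host = normalize(conn.sni), normalize(conn.host)
    if not sni or not host:
        return False  # missing data: not decidable, do not alert on it
    if sni == host:
        return False
    # cdn.example.net vs img.cdn.example.net is normal CDN behaviour, not fronting
    return registrable_suffix(sni) != registrable_suffix(host)


def find_fronting(text: str) -> List[Connection]:
    """Return every connection in the log that looks like domain fronting."""
    return [c for c in parse_log(text) if is_fronting_candidate(c)]


if __name__ == "__main__":
    for c in find_fronting(SAMPLE_LOG):
        print(f"{c.ts} {c.src} -> {c.dst}: SNI={c.sni} Host={c.host}")
```

Only the second record is reported: the SNI says cdn.example.net while the Host header asks for update-files.example.org. Case and port differences, a subdomain of the same registrable domain, and a missing Host header are deliberately treated as benign or undecidable so the check does not drown in CDN noise.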

External references