Linking and tracking UAC-0056 tooling through code reuse analysis | allinfosecnews.com

March 1, 2023, 2:25 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Author: Carlos Rubio from Threatray Labs

Published on: 01.03.2023

Multiple blogs have reported about recent activities and tooling of UAC-0056 (also known as Nodaria, SaintBear, TA471).

Malwarebytes (April 22) and Mandiant (July 22) report about the “Elephant toolchain” apparently used by UAC-0056. The toolchain consists of Elephant Stealer (GraphSteel), Elephant Implant (GrimPlant), Elephant Downloader, and Elephant Dropper.

A very recent article by Symantec reports about the new “Graphiron” tooling of UAC-0056. It consists of two stages, a downloader (Downloader.Graphiron) and …

analysis april article author blogs code code reuse dropper elephant graphiron graphsteel grimplant july labs malwarebytes mandiant nodaria report reports reuse saintbear stealer symantec ta471 threatray tooling tracking uac uac-0056

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Update: file-magic.py Version 0.0.8 6 hours ago | malware.news

article didier didier stevens file +11

Ticketmaster confirms customer data breach 9 hours ago | malware.news

breach cloud cloud database customer +18

What the Biggest-Ever Botnet Takedown Means 1 day, 6 hours ago | malware.news

botnet distribution financial industrial +5

Okta Cross-origin Authentication Feature in Customer Identity Cloud Targeted in Credential Stuffing Attacks 1 day, 8 hours ago | malware.news

access attacks authentication cloud +22

OpenAI report reveals threat actors using ChatGPT in influence operations 1 day, 8 hours ago | malware.news

article campaigns chatgpt disruption +12

Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud 1 day, 8 hours ago | malware.news

android android app app bahrain +17

Nearly 6M WordPress sites may be affected by bugs in 3 plug-ins 1 day, 9 hours ago | malware.news

article attacks bugs fastly +11

Senator Calls for FTC, SEC Probe Into UnitedHealth’s ‘Negligence’ in Breach 1 day, 10 hours ago | malware.news

article attack board breach +17

Vulnerability impacting Check Point Network Security Gateways (CVE-2024-24919) 1 day, 10 hours ago | malware.news

article canadian canadian centre for cyber security check +14

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote

View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC

View on infosec-jobs.com