Linking and tracking UAC-0056 tooling through code reuse analysis
Malware Analysis, News and Indicators - Latest topics malware.news
Author: Carlos Rubio from Threatray Labs
Published on: 01.03.2023
Multiple blogs have reported on recent activities and tooling of UAC-0056 (also known as Nodaria, SaintBear, TA471).
Malwarebytes (April 22) and Mandiant (July 22) report on the “Elephant toolchain” apparently used by UAC-0056. The toolchain consists of Elephant Stealer (GraphSteel), Elephant Implant (GrimPlant), Elephant Downloader, and Elephant Dropper.
A very recent article by Symantec reports on the new “Graphiron” tooling of UAC-0056. It consists of two stages, a downloader (Downloader.Graphiron) and …