all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Linking and tracking UAC-0056 tooling through code reuse analysis

Add to bookmarks
March 1, 2023, 2:25 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news


Author: Carlos Rubio from Threatray Labs


Published on: 01.03.2023





Multiple blogs have reported about recent activities and tooling of UAC-0056 (also known as Nodaria, SaintBear, TA471).


Malwarebytes (April 22) and Mandiant (July 22) report about the “Elephant toolchain” apparently used by UAC-0056. The toolchain consists of Elephant Stealer (GraphSteel), Elephant Implant (GrimPlant), Elephant Downloader, and Elephant Dropper.


A very recent article by Symantec reports about the new “Graphiron” tooling of UAC-0056. It consists of two stages, a downloader (Downloader.Graphiron) and …

analysis april article author blogs code code reuse dropper elephant graphiron graphsteel grimplant july labs malwarebytes mandiant nodaria report reports reuse saintbear stealer symantec ta471 threatray tooling tracking uac uac-0056

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Stolen Citrix Credentials Led to Change Ransomware Attack 17 minutes ago | malware.news
access attack authentication ceo +23
AI, Okta, Chrome, Quantum, Kaiser Permanente, FTC, FCC, NCSC, Josh Marpet, and more. - SWN … 27 minutes ago | malware.news
article chrome fcc ftc +9
Navigating the cybersecurity career maze an hour ago | malware.news
article career careers cyber +12
The Top 11 Legal Industry Cyber Attacks an hour ago | malware.news
addition attack attacks breach +13
Sophos named a Leader in the 2024 IDC MarketScape for Worldwide Managed Detection and Response … 2 hours ago | malware.news
and response article business capabilities +14
Another Day, Another NAS: Attacks against Zyxel NAS326 devices CVE-2023-4473, CVE-2023-4474, (Tue, Apr 30th) 2 hours ago | malware.news
article attacks cve devices +13
LABScon23 Replay | From Vulkan to Ryazan – Investigative Reporting from the Frontlines of Infosec 3 hours ago | malware.news
called campaigns companies critical +19
Defending infrastructure, securing systems key to CISA's new AI guidelines 3 hours ago | malware.news
article artificial artificial intelligence benefits +14
Announcing the General Availability of Spectra Detect v5.0: Enhancing File Analysis for Advanced Threat Detection 4 hours ago | malware.news
advanced advanced threat advanced threat detection analysis +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineer - Vulnerability Management

@ Starling Bank | Southampton, England, United Kingdom
View on infosec-jobs.com

Manager Cybersecurity

@ Sia Partners | Rotterdam, Netherlands
View on infosec-jobs.com

Compliance Analyst

@ SiteMinder | Manila
View on infosec-jobs.com

Information System Security Engineer (ISSE)-Level 3, OS&CI Job #447

@ Allen Integrated Solutions | Chantilly, Virginia, United States
View on infosec-jobs.com

Enterprise Cyber Security Analyst – Advisory and Consulting

@ Ford Motor Company | Mexico City, MEX, Mexico
View on infosec-jobs.com
View more jobs