HATVIBE
Description
(The Hacker News) Opening the document and enabling macros results in the execution of an encoded HTML Application (HTA) named HATVIBE, which sets up persistence on the host using a scheduled task and paves the way for a Python backdoor codenamed CHERRYSPY, which is capable of running commands issued by a remote server.
Names
| Name |
|---|
| HATVIBE |
Category
Malware
Type
- Loader
Information
- https://thehackernews.com/2024/07/ukrainian-institutions-targeted-using.html
- https://cert.gov.ua/article/6280129
Other Information
Uuid
1c242d91-b9d1-40af-972a-ecf002dbde30
Last Card Change
2024-08-27