NDiskMonitor

Description

(Trend Micro) A custom backdoor we believe to be Patchwork’s own; it can list the infected machine’s files and logical drives, as well as download and execute a file from a specified URL.

Names

Name
NDiskMonitor

Category

Malware

Type

• Reconnaissance
• Backdoor
• Downloader

Information

• https://blog.trendmicro.com/trendlabs-security-intelligence/untangling-the-patchwork-cyberespionage-group/

Mitre Attack

• https://attack.mitre.org/software/S0272/

Alienvault Otx

• https://otx.alienvault.com/browse/pulses?q=tag:NDiskMonitor

Other Information

Uuid

96978093-9b14-4c4e-8dbf-575ccec7c538

Last Card Change

2020-04-22