ORPCBackdoor
Description
(Knownsec 404) Recently, the Knownsec 404 Advanced Threat Intelligence Team found a new DLL backdoor in the arsenal of Bitter during its continuous tracking process. Its original file name is OLEMAPI32.DLL and its product name is Microsoft Outlook; the discovered backdoor uses a rather unusual communication method.
In contrast to the group's other weapons, the backdoor discovered this time uses RPC to interact with its server.
According to the available information, the newly discovered backdoor most likely targets Outlook user groups. In order to facilitate follow-up tracking, hunting and differentiation, we named it ORPCBackdoor based on this feature.
Names
| Name |
|---|
| ORPCBackdoor |
Category
Malware
Type
- Backdoor
Information
- https://paper.seebug.org/2092/
- https://medium.com/@knownsec404team/apt-k-47-mysterious-elephant-a-new-apt-organization-in-south-asia-5c66f954477
- https://medium.com/@knownsec404team/unveiling-the-past-and-present-of-apt-k-47-weapon-asyncshell-5a98f75c2d68
Malpedia
Other Information
Uuid
a83bf18c-31cb-4103-ae7b-9127d86fc766
Last Card Change
2024-12-27