SkinnyBoy
Description
(Cluster25) The vector of the infection is a spear phishing email delivering a Word Office document with a significant name related to an International Conference. Both the vector and its naming are consistent with APT28 / FancyBear TTPs. As expected, the document triggers a MACRO function able to extract a Microsoft Dynamic Link Library (DLL) which then acts as a downloader of a SkinnyBoy dropper (tdp1.exe) from a first dropurl.
Names
Name |
---|
SkinnyBoy |
Category
Malware
Type
- Backdoor
- Info stealer
Information
- https://cluster25.io/wp-content/uploads/2021/05/2021-05_FancyBear.pdf
- https://cybergeeks.tech/skinnyboy-apt28/
Malpedia
Other Information
Uuid
7c800792-38a5-4583-88f1-2ee873960680
Last Card Change
2021-12-28