TelePowerBot

Description

(Group-IB) They created two custom modules, named by Group-IB as TelePowerBot and KamiKakaBot, which are written in PowerShell and .NET, respectively. These two pieces of malware are designed to read and execute commands from a threat actor-controlled Telegram channel via a Telegram bot. Group-IB researchers noted that all communication between the devices of the threat actors and victims was based entirely on the Telegram API, and they utilized numerous evasion techniques, including Bypass User Account Control, to remain undetected.

Names

Name
TelePowerBot

Category

Malware

Type

  • Backdoor

Information

Other Information

Uuid

7d0df28b-f0d8-4685-86d5-5366ca8826e9

Last Card Change

2023-02-15