TinyPosh

Description

(Group-IB) As in the first campaigns, opening the link in the email resulted in the TinyPosh Trojan being downloaded to the victim’s computer. The malware achieved persistence in the system, obtained privileges of the account from which the Trojan was launched, and could download and launch the Cobalt Strike Beacon upon command. To hide the real C&C address, the hackers used the Cloudflare Workers server.

Names

Name
TinyPosh

Type

Backdoor
Downloader
Loader

Information

https://www.group-ib.com/blog/oldgremlin

Other Information

Uuid

2b67075b-19be-441c-860b-aab17bcd21b6

Last Card Change

2020-10-19

Threat Intelligence Garden

Explorer

TinyPosh

TinyPosh

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks