UpDocX

Description

UpDocX was written in VB.NET and compiled without any attempt to obfuscate the source code. There is also no attempt to obfuscate C2 network traffic. It has limited functionality and appears to be a simple backdoor used solely for keylogging and uploading documents to designated C2 servers. The attackers have, however, put some effort into avoiding detection and hindering investigations. UpDocX has an extensive list of clean-up functions responsible for eliminating evidence of compromise, which indicates a degree of caution often not observed in targeted attacks.

Names

Name
UpDocX

Category

Malware

Type

  • Backdoor
  • Keylogger
  • Exfiltration

Information

AlienVault OTX

Other Information

Uuid

ca704d4a-0ff0-449e-ac40-95d8e22cd8d5

Last Card Change

2020-04-20