
SentinelOne vs MicroBackdoor (CERT-UA Computer Emergency Response Team of Ukraine Alert)

On March 7, 2022, CERT-UA (Computer Emergency Response Team of Ukraine) posted alert #4109. The alert focuses on MicroBackdoor activity being carried out by adversaries tracked as UAC-0051 (aka Ghostwriter). The backdoor is distributed via a malicious ZIP archive, which extracts to a specially crafted .CHM file. Code in the .CHM file extracts the main dropper and then executes it. MicroBackdoor is an open-source application, originally authored by well-known researcher Dmytro Oleksiuk.

Visit the SentinelOne Ukraine Crisis Response Center to learn more: https://s1.ai/ukraine-response

#MicroBackdoor #cybersecurity #ukraine
