A new backdoor named Poison Frog was analyzed by researchers and revealed that the threat group OilRig appeared “sloppy” in their development of it. Kaspersky came across Poison Frog while scanning their archives looking for old OilRig malware after OilRig information was shared over a Telegram channel. Kaspersky found that Poison Frog had an executable that was written in C# which dropped a PowerShell script containing a DNS and HTTP backdoor, executed the script and then deleted it. Several mistakes were made by OilRig in this malware–such as one sample not executing because a command was spelled wrong and dates within the malware was wrong.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.