Advanced Scenario - APT 32

  • 22 February 2023
  • 0 replies

APT 32 initiates its attack by downloading and executing a VBA script. It then executes commands using the Windows Event Log, downloads a file from the internet, and executes a batch script. APT 32 establishes persistence in the registry Run keys and verifies that the persistence was created successfully. It then attempts to discover domain admins, steal credentials from the local machine, and use them to attempt lateral movement. It also maps admin shares, logs keystrokes, discovers the file and directory structure, collects system information, encrypts files, and compresses and exfiltrates data in parallel. Finally, it lists credential files stored in the current user's AppData folders, performs DLL Search Order Hijacking, enumerates non-default installed applications, installs and runs a service, and creates a new user.
