US CISA, FBI, and CNMF cybersecurity experts: the APT employs common social engineering tactics, spearphishing, and watering hole attacks to exfiltrate information.
360 Total Security cyber security experts: the malware has been upgraded in how it camouflages its encrypted function module, bypasses security protection mechanisms, and achieves local persistence.
Cisco Talos cyber security experts: it uses the system registry to bypass anti-virus scanning, a registry key to maintain persistence, and PowerShell to install.
Microsoft cyber security experts: the goal is to spread a backdoor Trojan by exploiting an old vulnerability. There will probably be new malspam campaigns with the same characteristics.
Trend Micro cyber security experts: the Iranian state-sponsored APT is using new tools and payloads, which indicates that it is continuously developing its schemes.
The banking trojan is spread through emails with malicious attachments. It builds a PowerShell command from a downloaded image, using steganography.