A technical analysis of the APT28's backdoor called OCEANMAP

OCEANMAP is a backdoor developed by the Russian APT28/Sofacy/Fancy Bear group that was discovered by CERT-UA. The malware establishes persistence on the infected machine using an Internet shortcut created in the Startup folder. It can run multiple commands depending on the content of emails found on two mail servers. The commands are run using the cmd.exe process, and their output is stored as emails in the Inbox folder on the hard-coded mail servers.
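The Startup-folder Internet shortcut is the most hunt-friendly artifact in the description above. The following check is an added example, not code from the whitepaper or from CERT-UA: it parses `.url` files (INI text with an `[InternetShortcut]` section and a `URL=` key) found in the per-user and all-users Startup folders and flags any whose target is not a web URL, since a `file://` or bare path there launches a local program at every logon. The Startup paths and the sample shortcut bodies are assumptions constructed for the example.

```python
import configparser
import os
from pathlib import Path
from urllib.parse import urlparse

# Well-known Windows Startup folders (per-user and all-users); assumed locations.
STARTUP_DIRS = [
    Path(os.environ.get("APPDATA", "")) / "Microsoft/Windows/Start Menu/Programs/Startup",
    Path(os.environ.get("PROGRAMDATA", "")) / "Microsoft/Windows/Start Menu/Programs/StartUp",
]

# Constructed sample shortcut bodies (not real OCEANMAP artifacts).
BENIGN_URL = "[InternetShortcut]\r\nURL=https://example.com/\r\n"
FILE_URL = "[InternetShortcut]\r\nURL=file:///C:/Users/Public/update.exe\r\nIconIndex=0\r\n"
BARE_PATH_URL = "[InternetShortcut]\r\nURL=C:\\ProgramData\\svc.exe\r\n"


def parse_internet_shortcut(text: str) -> dict:
    """Return the keys of the [InternetShortcut] section, lower-cased, or {} if absent."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if not cp.has_section("InternetShortcut"):
        return {}
    return dict(cp.items("InternetShortcut"))  # configparser lower-cases option names


def assess_shortcut(text: str) -> tuple:
    """Classify one .url body as (suspicious: bool, reason: str)."""
    target = parse_internet_shortcut(text).get("url", "").strip()
    if not target:
        return True, "no URL= target (malformed shortcut)"
    scheme = urlparse(target).scheme.lower()
    if scheme in ("http", "https"):
        return False, "web target"
    # file:// targets and bare paths (urlparse reports the drive letter as the
    # scheme) run a local program at logon: the persistence pattern described above.
    return True, "local target launched at logon: " + target


def scan_startup_folders(dirs=STARTUP_DIRS) -> list:
    """Return [(path, reason)] for every suspicious .url file in the given folders."""
    findings = []
    for d in dirs:
        if not d.is_dir():
            continue
        for p in d.glob("*.url"):
            suspicious, reason = assess_shortcut(p.read_text(errors="replace"))
            if suspicious:
                findings.append((str(p), reason))
    return findings


if __name__ == "__main__":
    for path, reason in scan_startup_folders():
        print(path, "->", reason)
```

A finding is a lead, not a verdict: confirm what the target executes and whether it was provisioned by an administrator before acting on it.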

Download PDF file:

https://securityscorecard.com/wp-content/uploads/2024/03/Whitepaper-A-technical-analysis-of-the-APT28s-backdoor-called-OCEANMAP.pdf