NullMixer is a dropper that leads to an infection chain of a wide variety of malware families. NullMixer spreads via malicious websites that are found mainly through search engines. These websites are often related to cracks, keygens and activators for downloading software illegally; while they may pretend to offer legitimate software, the downloads actually contain a malware dropper.
INDUSTRIES: Military, Industrial
TARGETED COUNTRIES: United States of America, Turkey, Egypt, France, Germany, Italy, Russian Federation, India, Brazil
MALWARE FAMILIES: Maui, Satacom, SgnitLoader, ClipBanker, DanaBot, Disbuk, Fabookie, Glupteba, NullMixer, Exodus, ShortLoader, RedLine, FormatLoader, SmokeLoader, Vidar
ATT&CK IDS: T1140 - Deobfuscate/Decode Files or Information, T1105 - Ingress Tool Transfer, T1566 - Phishing, T1036 - Masquerading, T1115 - Clipboard Data, T1059 - Command and Scripting Interpreter, T1113 - Screen Capture, T1021 - Remote Services, T1027 - Obfuscated Files or Information, T1003 - OS Credential Dumping, T1055 - Process Injection, T1176 - Browser Extensions, T1134 - Access Token Manipulation, T1546 - Event Triggered Execution, T1056 - Input Capture, T1033 - System Owner/User Discovery, T1204 - User Execution