In July 2019, one of our customers’ companies suffered an APT attack, and we started the investigation immediately. During the investigation, we found a brand-new backdoor sample that implements many of its features through the Dropbox API, using Dropbox as a C&C server. After reverse engineering the sample, we extracted the Dropbox token it used, dug into the Dropbox folder, and revealed the whole functional structure.
