Symbol: win.backorder

BACKORDER

Actor(s): Sandworm


According to EclecticIQ, this is a downloader written in Go, able to exclude paths from Windows Defender in order to execute fetched payloads without raising alerts.

References
2025-02-11 | EclecticIQ | Arda Büyükkaya
Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns
Related families: Kalambur, BACKORDER, DCRat

There is no YARA signature yet.