win.broomstick

Broomstick

aka: CleanUpLoader, Oyster

Oyster is a loader and backdoor that was first observed in September 2023. Oyster's execution comprises two executables: the first masquerades as a browser installer (dubbed Oyster Installer), and the second is the main backdoor component (dubbed Oyster Main). Oyster Installer is responsible for dropping the main backdoor component and installing persistence, which it achieves via COM hijacking and misuse of the Windows disk cleanup utility. The main backdoor component collects basic system information and communicates with the C2. The malware can execute commands (via cmd.exe) and run additional files. The malware is believed to be associated with former WIZARD SPIDER (TrickBot/Conti) affiliates.

References
2024-01-25, IBM: Broomstick Analysis Report (IRIS-17079)

There is no YARA signature yet.