Driftpin is a small, simple backdoor that lets the attackers assess the victim. When executed, the trojan connects to a C&C server and receives commands to grab screenshots, enumerate running processes, and collect information about the system and the campaign ID.
|2022-04-27 ⋅ ANSSI ⋅ |
LE GROUPE CYBERCRIMINEL FIN7 (The FIN7 Cybercriminal Group)
Bateleur BELLHOP Griffon SQLRat POWERSOURCE Andromeda BABYMETAL BlackCat BlackMatter BOOSTWRITE Carbanak Cobalt Strike DNSMessenger Dridex DRIFTPIN Gameover P2P MimiKatz Murofet Qadars Ranbyus SocksBot
|2020 ⋅ Secureworks ⋅ |
Bateleur Griffon Carbanak Cobalt Strike DRIFTPIN TinyMet FIN7
|2018-10-01 ⋅ FireEye ⋅ |
Bateleur BELLHOP Griffon ANTAK POWERPIPE POWERSOURCE HALFBAKED BABYMETAL Carbanak Cobalt Strike DNSMessenger DRIFTPIN PILLOWMINT SocksBot
|2017-06-12 ⋅ FireEye ⋅ |
Behind the CARBANAK Backdoor
|2015-09-08 ⋅ ESET Research ⋅ |
Carbanak gang is back and packing new guns
There is no Yara-Signature yet.