SentinelOne vs MicroBackdoor (CERT-UA Computer Emergency Response Team of Ukraine Alert)

On March 7, 2022, CERT-UA (Computer Emergency Response Team of Ukraine) posted alert #4109. The alert focuses on MicroBackdoor activity being carried out by adversaries tracked as UAC-0051 (aka Ghostwriter). The backdoor is distributed via a malicious ZIP archive, which extracts to a specially-crafted .CHM file. Code in the .CHM file is responsible for extraction […]