Names | SnifLite | |
Category | Malware | |
Type | Credential stealer | |
Description | (Group-IB) After deobfuscating the code, Group-IB found that the attacks used a sniffer from the SnifLite family, already known to Group-IB experts and used by the threat actor UltraRank. Due to the relatively small number of infected websites, the attackers most likely used the credentials in the CMS administrative panel, which, in turn, could have been compromised using malware or as a result of brute force attacks. | |
Information | <https://www.group-ib.com/blog/ultrarank> |
Last change to this tool card: 07 January 2021
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
UltraRank | [Unknown] | 2015-Nov 2020 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |