GhostContainer backdoor for Exchange servers
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A sophisticated backdoor targeting Exchange servers of high-value organizations in Asia has been discovered. The malware, named GhostContainer, is a multi-functional backdoor that can be dynamically extended with additional modules. It leverages several open-source projects and employs various evasion techniques to avoid detection. The backdoor grants attackers full control over the Exchange server and can function as a proxy or tunnel. The malware is believed to be part of an APT campaign targeting government and high-tech companies in Asia. It includes components for C2 parsing, virtual page injection, and web proxy functionality. The attackers demonstrated expertise in exploiting Exchange systems and assembling sophisticated espionage tools.
OPENCTI LABELS :
apt,backdoor,open-source,evasion,proxy,asia,ghostcontainer,exchange
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
GhostContainer backdoor for Exchange servers