NordDragonScan: Quiet Data-Harvester on Windows
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A sophisticated infostealer dubbed NordDragonScan has been discovered, targeting Windows systems through weaponized HTA scripts. The malware is distributed via shortened links leading to RAR archives containing malicious LNK shortcuts. Once installed, NordDragonScan performs extensive reconnaissance, collecting system information, network details, browser data, and sensitive documents. It utilizes custom obfuscation techniques and establishes persistence through registry modifications. The stolen data is exfiltrated to a command-and-control server using TLS encryption. The attack employs various decoy documents to evade detection and maximize infection opportunities. NordDragonScan's capabilities include screenshot capture, Chrome and Firefox profile harvesting, and local network scanning.
OPENCTI LABELS:
infostealer, browser data theft, norddragonscan