Attack Campaign on the Government of Thailand Delivers Bookworm Trojan

Unit 42 recently published a blog on a newly identified Trojan called Bookworm, which discussed the architecture and capabilities of the malware and alluded to Thailand being the focus of the threat actors’ campaigns. In this blog, we will discuss the current attack campaign along with the associated threat infrastructure and the actor’s tactics, techniques

Upatre: Old Dog, New [Anti-Analysis] Tricks

Malware authors must constantly iterate on their techniques in order to stay relevant in today’s fast moving Information Security environment. The Upatre downloader has been around for nearly three years and has consistently evolved its anti-analysis capabilities to better ensure payload delivery. Using Palo Alto Networks AutoFocus, we identified several thousand functionally identical Upatre binaries

Bookworm Trojan: A Model of Modular Architecture

Recently, while researching attacks on targets in Thailand, Unit 42 discovered a tool that initially appeared to be a variant of the well-known PlugX RAT based on similar observed behavior such as the usage of DLL side-loading and a shellcode file. After closer inspection, it appears to be a completely distinct Trojan, which we have

Get updates on Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit 42

Follow us on