NEWSREELS (5abc6792-be17-48ee-a765-29cffa4242ee)
The NEWSREELS malware family is an HTTP-based backdoor. When first started, NEWSREELS decodes two strings from its resources section. Both strings are used as C2 channels: one URL serves as the beacon URL (transmitting) and the second URL is used to retrieve commands (receiving). NEWSREELS is capable of uploading and downloading files, creating processes, and creating an interactive reverse shell.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| NewsReels (1d32e7c3-840e-4247-b28b-818cb1c4ae7c) | Malpedia | NEWSREELS (5abc6792-be17-48ee-a765-29cffa4242ee) | Tool | 1 |