ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool NineBlog

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: NineBlog

NamesNineBlog
CategoryMalware
TypeReconnaissance, Backdoor
Description(FireEye) We noticed the decoded VBScript backdoors from recent activity were nearly identical (with some small changes) to the first NINEBLOG variants we observed in 2013. The minimal code changes may be due to the fact that the encoding provides enough obfuscation to prevent detection, allowing the core functionality of the backdoor to remain the same. Additionally, newer variants of the VBScript include some code enhancements.
Information<https://www2.fireeye.com/rs/848-DID-242/images/rpt-southeast-asia-fall-2015.pdf>
<https://www.fireeye.com/blog/threat-research/2013/08/the-curious-case-of-encoded-vb-scripts-apt-nineblog.html>

Last change to this tool card: 01 May 2020

Download this tool card in JSON format

Previous: Nimcy
Next: Nishang

All groups using tool NineBlog

ChangedNameCountryObserved

APT groups

 NineBlogChina2013 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key