
Threat Group Cards: A Threat Actor Encyclopedia

Tool: UpDocX

Names: UpDocX
Category: Malware
Type: Backdoor, Keylogger, Exfiltration
Description: UpDocX was written in VB.NET and compiled without any attempt to obfuscate the source code. There is also no attempt to obfuscate C2 network traffic. It has limited functionality and appears to be a simple backdoor used solely for keylogging and uploading documents to designated C2 servers. The attackers have, however, put some effort into avoiding detection and hindering investigations. UpDocX has an extensive list of clean-up functions responsible for eliminating evidence of compromise, which indicates a degree of caution not often observed in targeted attacks.
Information: <https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2015/UnFIN4ished_Business_pwd.pdf>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:UpDocX>

Last change to this tool card: 20 April 2020


All groups using tool UpDocX

APT groups

Name                Country    Observed
FIN4, Wolf Spider   Romania    2013

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
