LevelBlue - Open Threat Exchange
By AlienVault
Archived: 2026-04-05 19:05:19 UTC
FileHash-SHA256: 11 | URL: 4 | YARA: 1 | Domain: 1 | Hostname: 1
In recent weeks, Unit 42 has discovered three documents crafted to exploit the InPage program. InPage is a word
processor program that supports languages such as Urdu, Persian, Pashto, and Arabic. The three InPage exploit
files are linked through their use of very similar shellcode, which suggests that either the same actor is behind
these attacks, or the attackers have access to a shared builder. The documents were found to drop the following
malware families: The previously discussed CONFUCIUS_B malware family A backdoor previously not
discussed in the public domain, commonly detected by some antivirus solutions as “BioData” A previously
unknown backdoor that we have named MY24
Source: https://otx.alienvault.com/browse/pulses?q=tag:MY24
https://otx.alienvault.com/browse/pulses?q=tag:MY24
Page 1 of 1