
InvisiMole (10f50ef8-6e3b-11e8-a648-d73fb4d2f48e)

Except for the malware's binary file, very little is known about who is behind it, how it spreads, or in what types of campaigns it has been used.

"Our telemetry indicates that the malicious actors behind this malware have been active at least since 2013, yet the cyber-espionage tool was never analyzed nor detected until discovered by ESET products on compromised computers in Ukraine and Russia," said ESET researcher Zuzana Hromcová, who recently penned an in-depth report about this new threat.

"All infection vectors are possible, including installation facilitated by physical access to the machine," Hromcová added.

As is typical of malware used in highly targeted attacks, the malware has been stripped of most clues that could lead researchers back to its author. With the exception of one file (dating to October 13, 2013), all compilation timestamps have been stripped and replaced with zeros, giving few clues about its timeline and lifespan.

Furthermore, the malware itself is cleverly engineered: it is composed of two modules, each with its own set of spying features, which can also cooperate to exfiltrate data.

Cluster A                                         | Galaxy A | Cluster B                                         | Galaxy B | Level
InvisiMole (22755fda-497e-4ef0-823e-5cb6d8701420) | Malpedia | InvisiMole (10f50ef8-6e3b-11e8-a648-d73fb4d2f48e) | Tool     | 1