Cisco Talos has identified a series of cyber attacks that it labels the "Frankenstein" campaign. The name refers to the open-source moving parts utilized by these sophisticated hackers. The Talos team believes that the hackers carried out the Frankenstein campaign between January and April 2019. The hackers use malicious documents to install malware.
The malware consists of:
- an article on detecting whether or not a sample is running within a virtual machine,
- a GitHub project that uses MSbuild to run a PowerShell command,
- a piece of a GitHub project called "Fruityc2" to build a stager, and lastly
- a GitHub project called PowerShell Empire for their agents.
- VMWare
- Vbox
- Process Explorer
- Process Hacker
- ProcMon
- Visual Basic
- Fiddler
- WireShark
- VMWare
- Vbox
- VxStream
- AutoIT
- VMtools
- TCPView
- WireShark
- Process Explorer
- Visual Basic
- Fiddler