Platinum is a cyberespionage group that has been active for at least a decade, but was only named in 2016. The group is known to target government agencies, intelligence services, defense institutions and ISPs. Security researchers from Kaspersky recently discovered Titanium, a new Platinum-like backdoor with an advanced multi-stage execution chain in which each stage masquerades as popular software, including sound drivers, security software or DVD creation software. In line with the group's earlier campaigns, the attackers target victims in South and South-East Asia. The standard sequence consists of execution of the code as SYSTEM, a shellcode that fetches the next-stage downloader, a dropper that delivers an SFX archive with a Windows task installation script, an SFX archive with a Trojan backdoor installer, and an installer script (ps1). Infection probably starts with a malicious piece of code on a local intranet page, but the attackers also use shellcodes and various wrappers: a Windows task installer, a Trojan backdoor installer, and a BITS downloader to reach the command and control (C&C) servers. The downloader checks during execution whether it is running with SYSTEM privileges. The downloaded file is likewise fetched, decoded and started, but only after that check. In the infection process, the final payload is a DLL-format backdoor that first decrypts binary data containing the C&C address, the traffic encryption key, the UserAgent string and other less relevant parameters. The payload then sends a base64-encoded request with a unique SystemID, the device name and the hard disk serial number to initialize the C&C connection.

The backdoor first sends a request to the C&C to receive commands, and the server replies with a PNG image that holds hidden data; steganography is used to conceal the information inside the file. The backdoor can read any file from the system and send it to the C&C, add or delete a file, drop a file and run it, run a command line, send command execution results to the C&C, and change configuration parameters (with the exception of the AES encryption key). The malware can also enter an interactive mode in which the attacker receives console program output and sends it to the C&C. The complex Titanium infiltration scheme, together with the use of encryption and fileless techniques and the imitation of well-known software during infection, makes such attacks quite difficult to detect. "We have not found any current activity related to Titanium APT as far as visible activity is concerned," concluded Kaspersky.