Russian Shuckworm APT is back with updated GammaSteel malware

One script served as a reconnaissance tool that collected information about the computer, including system information, the location of disks, the desktop folder directory, and a list of all running processes. All of this information was sent back to the C2 server.

A new unique name

The second script was a PowerShell version of GammaSteel. Targeted extensions included .doc, .docx, .xls, .xlsx, .ptf,

The new GammaSteel version uses PowerShell web requests to exfiltrate files and, if they fail, falls back to the cURL command-line tool with a Tor proxy to send data. There is also code suggesting that the web service write.as could be used as a data exfiltration channel.

