Buhtrap backdoor and ransomware distributed via major advertising platform
released on 2019-04-30 @ 09:43:35 AM
While the Buhtrap backdoor source code has been leaked in the past and can thus be used by anyone, the RTM code has not, at least to our knowledge. In this blog post, we describe how the threat actors distributed their malware by abusing Yandex.Direct and hosted it on GitHub. We conclude with a technical analysis of the malware used.