APT34: PoisonFrog - Question 6

Question

For the&nbsp;What is the name of the file that executes the HTTP and DNS handling scripts?, I am confused on where I should be digging deeper as the powershell script was showcased to be wrong in terms of entering down the name, as well as other parts of the file&nbsp;I also tried parsing for the file name through the decoded script but I cant seem to find any meaningful leads.&nbsp;Basically I am wondering about what the expectation is for the question and where/how I should approach at a different angle

samdickison · Answer

Hey kevinh​ since it's been a few days, I tried to find a hint for you. I hope it helps:"Look closely at how the PoisonFrog C2 framework is structured on the filesystem. The framework relies on a main orchestration file (often a PowerShell or server-side script) that listens for connections and serves as the master coordinator for those individual HTTP and DNS protocol-handling scripts."I hope that's correct. Perhaps a Community member can give you a better tip....

Forum Discussion

APT34: PoisonFrog - Question 6

1 Reply

Featured Places

Help

Related Content

APT34: Glimpse - Question 4

Ransomware: Darkside - Question 9

How to Answer a Question

How to Ask a Question

Ransomware: Darkside - Question 8

Recent Discussions

APT34: PoisonFrog - Question 6

APT34: Glimpse - Question 4

Hafnium: ProxyLogon (Offensive) - Question 3

Hafnium: ProxyLogon (Offensive) - Question 3

Threat Actors: Salt Typhoon – SNAPPYBEE Campaign Analysis - Question 3