Description: GoldFinder Malware
GoldFinder is a custom-built malware tool discovered by Microsoft's security researchers during their investigation of NOBELIUM, the APT group behind the SolarWinds compromise. It is highly specialised: rather than stealing data or giving the operators remote control, its job is to run on an already-compromised host, find out how that host's outbound HTTP traffic reaches the attackers' infrastructure, and report back which proxies, redirectors and inspection devices sit in the way. That tells the operators whether their command-and-control (C2) traffic on that network is likely to be logged or intercepted.
GoldFinder is written in Go and functions as an HTTP (Hypertext Transfer Protocol) tracer tool. When executed, it sends an HTTP request to a hardcoded C2 URL and records the route, or hops, that the request takes to reach that address: every HTTP proxy server and any other redirector, such as a network security device, that the request passes through, both inside and outside the victim's network. For each hop it logs the following.
- Target: the C2 URL the request was sent to
- StatusCode: the HTTP status code of the response (whether the target was reached, an error was returned, or the request was redirected)
- Headers: the HTTP response headers and their values
- Data: the data received in the HTTP response from the C2 server
NOBELIUM most likely used GoldFinder to find out whether communications between its other implants on the breached system, such as the GoldMax backdoor (tracked by FireEye as Sunshuttle), and their C2 servers would be intercepted or inspected on the way out of the network.
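To make the tracing behaviour described above concrete, the following Go program is an added example written for this page; it is not GoldFinder's code, and its type and function names (Hop, Trace, FormatLog, BuildDemoPath, BuildRedirectLoop) and the two in-process servers that stand in for a redirector and a C2 endpoint are all constructed for the illustration. It issues a request with the client's automatic redirect following switched off, so each 3xx response from an intermediate hop is recorded rather than silently followed, resolves the Location header by hand, logs target, status code, headers and body data per hop, and stops either when a final response arrives or when a hop limit is exceeded (the redirect-loop case).

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"time"
)

// Hop is what the tracer records at one step on the way to the target: the
// URL requested, the status returned, the response headers, a bounded amount
// of body data, and where the hop redirected us (empty if it did not).
type Hop struct {
	Target     string
	StatusCode int
	Headers    http.Header
	Data       string
	RedirectTo string
}

// Trace issues a GET against target and follows redirects by hand, up to
// maxHops. Automatic redirect handling is disabled so every intermediate
// redirector or proxy response is observed and logged, not skipped.
func Trace(target string, maxHops int) ([]Hop, error) {
	client := &http.Client{
		Timeout: 5 * time.Second,
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse // hand the 3xx back to us unfollowed
		},
	}
	var hops []Hop
	current := target
	for i := 0; i < maxHops; i++ {
		resp, err := client.Get(current)
		if err != nil {
			return hops, fmt.Errorf("hop %d (%s): %w", i, current, err)
		}
		body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096)) // cap what we keep
		resp.Body.Close()
		hop := Hop{Target: current, StatusCode: resp.StatusCode, Headers: resp.Header.Clone(), Data: string(body)}
		if loc := resp.Header.Get("Location"); loc != "" && resp.StatusCode/100 == 3 {
			base, _ := url.Parse(current)
			ref, err := url.Parse(loc)
			if err != nil {
				return hops, fmt.Errorf("hop %d: bad Location %q: %w", i, loc, err)
			}
			hop.RedirectTo = base.ResolveReference(ref).String() // handles relative Location too
		}
		hops = append(hops, hop)
		if hop.RedirectTo == "" {
			return hops, nil // final response: end of the path
		}
		current = hop.RedirectTo
	}
	return hops, fmt.Errorf("gave up after %d hops without a final response", maxHops)
}

// FormatLog renders the hops as text. The field names mirror the kinds of
// data the page says GoldFinder records; the layout is this example's own.
func FormatLog(hops []Hop) string {
	var b strings.Builder
	for i, h := range hops {
		fmt.Fprintf(&b, "Hop %d\nTarget: %s\nStatusCode: %d\nHeaders:\n", i+1, h.Target, h.StatusCode)
		h.Headers.Write(&b) // wire-format "Name: value" lines, sorted by name
		fmt.Fprintf(&b, "Data: %q\n", h.Data)
		if h.RedirectTo != "" {
			fmt.Fprintf(&b, "Redirected to: %s\n", h.RedirectTo)
		}
	}
	return b.String()
}

// BuildDemoPath starts two in-process servers constructed for this example: a
// redirector standing in for a proxy or security device that bounces the
// request onward, and a final server standing in for the hardcoded C2.
// It returns the entry URL and a function that shuts both servers down.
func BuildDemoPath() (string, func()) {
	c2 := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Server", "demo-c2")
		fmt.Fprint(w, "reached")
	}))
	redirector := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Via", "1.1 demo-proxy")
		http.Redirect(w, r, c2.URL+"/gate", http.StatusFound)
	}))
	return redirector.URL + "/", func() { redirector.Close(); c2.Close() }
}

// BuildRedirectLoop starts a server that always redirects to itself, to show
// the maxHops guard ending a path that never produces a final response.
func BuildRedirectLoop() (string, func()) {
	var srv *httptest.Server
	srv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, srv.URL+"/again", http.StatusFound)
	}))
	return srv.URL + "/", srv.Close
}

func main() {
	entry, shutdown := BuildDemoPath()
	defer shutdown()
	hops, err := Trace(entry, 10)
	fmt.Print(FormatLog(hops))
	if err != nil {
		fmt.Println("error:", err)
	}
}
```

Running it with go run produces two hops: a 302 from the stand-in proxy carrying its Via header, then a 200 from the stand-in C2 with the body "reached". Against a real network the same approach surfaces the Location, Via and Server headers that an inline proxy or inspection device adds to a response, which is the information an operator wants before committing a backdoor's beaconing to that path; from the defender's side, the tell-tale is a burst of requests to a single external URL from a host that has no business reason to contact it.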
Indicators of compromise