NDiskMonitor
NDiskMonitor is a custom-built backdoor that has only been used by the Patchwork APT group, so it is safe to say that the group developed it and uses it exclusively. The threat is built on the .NET framework and serves as a backdoor Trojan that lets a remote attacker execute arbitrary commands and code on the compromised host. NDiskMonitor's functionality is very limited. This should not be considered a flaw, since APT groups tend to use finely tuned malware that serves the exact purposes they need. NDiskMonitor's features were limited intentionally so that it would not use additional resources that might make it easier to spot.
In addition to executing remote commands, NDiskMonitor can list drives, folders, and files. This gives the attacker a good idea of the purpose of the infected workstation and whether it holds valuable information. It can also be used to deliver secondary payloads to the compromised host if the attackers find that it contains important information.