New: Threat Exposure Validation Impact Report 2025
Learn More
Join our Summer Webinar Series on Threat Exposure Validation
Register Now
Come meet us at Black Hat USA 2025 | Booth 1640
Book a Meeting
Book a Demo
Book a Demo

UNC4191 Threat Group Targets Entities In The Philippines

December 1, 2022

The UNC4191 threat group was discovered targeting entities in the Philippines with custom malware and the NCAT command-line networking utility. The malicious software is written in C/C++, replicates by infecting new removable drives, and creates a reverse shell to the actor's command and control server. Registry Run keys are used for persistence while multiple legitimate binaries are leveraged for DLL Side-Loading.

Featured Resources

cymulate blog article
blog

Out of Sight, Beneath the Surface: Exploring Delegated Admin Risks in AWS Organizations

How Chaining Delegated Admin with a Mis-scoped Managed Policy Allowed Escalation from a Compromised Account to Full AWS Organization Control 

Read More
image
E-book

Optimize Your Cyber Defenses with Exposure Validation

CTEM guidance built around exposure validation to surface real exposures, strengthen existing controls, and reduce uncertainty

Learn More
image
blog

AI and ML for SIEM: The New Standard in SOC Defense 

Traditional SIEM systems, while foundational to enterprise security operations, can reach a limit in increasingly-complex environments. As organizations face more

Read More