A not so Fancy game. Exploring the new “SkinnyBoy” Bear’s backdoor

APT + Intelligence Cluster25 todayJune 3, 2021

This paper presents an analysis of a new and never publicly reported malware internally dubbed as SkinnyBoy.

Based on long-term observations and technical evidences, Cluster25 cyber intelligence research team associates this implant, with medium-high degree of confidence, with the threat actor known as APT28 / Fancy Bear / Pawn Storm.

Download Cluster25 Report

Written by: Cluster25

Tagged as: , , , , , , , .

Previous post

General Cluster25 / February 15, 2021


This is the welcome post for Cluster25 threat intelligence research blog. Through this space, the team will share analysis and evidence relating to internal global threat hunting activities. Happy reading!

Similar posts

APT Cluster25 / May 13, 2022

Cozy Smuggled Into the Box: APT29 Abusing Legitimate Software for Targeted Operations in Europe

Cozy Bear (aka Nobelium, APT29, The Dukes) is a well-resourced, highly dedicated and organized cyberespionage group that is believed to work in support of the decision-making process of Russian government since at least 2008. Nobelium primarily targets western governments and related organizations, with a particular focus on government, diplomat, political and think tank sectors.  Recently ...

Read more trending_flat

APT Cluster25 / May 3, 2022

The strange link between a destructive malware and a ransomware-gang linked custom loader: IsaacWiper vs Vatet

NOTICE After additional reviews, the team at Cluster25 has determined that the code commonality identified in the two analyzed samples contained in this blog post was coincidental. The code they had in common is aligned with Microsoft standard libraries, and therefore common for use. In this blog post, Cluster25 outlines a code match between two ...

Read more trending_flat