Prismex
- PrismexSheet, a malicious Excel dropper with VBA macros that extracts payloads embedded within the file using steganography, establishes persistence via COM hijacking, and displays a decoy document related to drone inventory lists and drone prices after macros are enabled.
- PrismexDrop, a native dropper that readies the environment for follow-on exploitation and uses scheduled tasks and COM DLL hijacking for persistence.
- PrismexLoader (aka PixyNetLoader), a proxy DLL that extracts the next-stage .NET payload scattered across a PNG image's ("SplashScreen.png") file structure using a bespoke "Bit Plane Round Robin" algorithm and runs it entirely in memory.
- PrismexStager, a COVENANT Grunt implant that abuses Filen.io cloud storage for C2.