In 2016, Bitdefender uncovered a new advanced persistent threat dubbed Pacifier, targeting government institutions starting in 2014. Using malicious .doc documents and .zip files distributed via spear phishing e-mails, attackers would lure victims with invitations to social functions or conferences into executing the attachments. Our previous analysis of the Pacifier components revealed that it’s capable of dropping multi-stage backdoors and that the analyzed first stage dropper is also known as “Skipper” by other security vendors.
Our new whitepaper covers an in-depth analysis of the three new backdoor modules, as well a short description of their capabilities and features.