CALENDAR

Description

This malware family uses Google Calendar to retrieve commands and send results. It retrieves event feeds associated with Google Calendar, in which each event contains commands from the attacker for the malware to perform, and posts results back to the event feed. The malware authenticates to Google with a hard-coded email address and passwords, using Google's deprecated ClientLogin authentication API. For persistence, the malware is registered as a service DLL; artifacts of this registration may be found in the registry.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software: Agenda Ransomware
Software: GETMAIL
Software: RemindMe
Software: GoGoogle
Software: Cerberos
Software: GLOOXMAIL

Sourced from MITRE ATT&CK Enterprise. Curated by Adam Lundqvist, SQUR.