Pteranodon

Pteranodon is a custom backdoor malware that has been linked to the cyber espionage group known as Gamaredon (also referred to as Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa). This group has been active since 2014, with its activities primarily focused on Ukraine. Pteranodon infiltrates systems and can execute various tasks such as capturing screenshots based on a configuration file created on the disk. It has been observed to be distributed using a new PowerShell script in recent attacks. The malware was initially identified in an SFX file, containing a new Trojan we refer to as "Pteranodon". The earliest version of Pteranodon utilizes a hardcoded URL for command and control. More samples of Pteranodon can be found using the Pteranodon tag in AutoFocus, a threat intelligence tool developed by Palo Alto Networks. Gamaredon's use of the multistage backdoor Pteranodon underscores the persistent cyber threats faced by Ukraine. The group continues to evolve its strategies, employing new variants of the Pteranodon implant in their operations. Organizations are advised to stay vigilant against these threats by ensuring robust cybersecurity measures and regularly updating their systems to counteract such malicious software.