Intrusions by Gama Copy also closely resembled those of the advanced persistent threat operation Core Werewolf with both groups’ utilization of 7-ZIP self-extracting archive files for UltraVNC execution, port 443 for server connections, and the EnableDelayedExpansion command, an analysis from the Knownsec 404 Advanced Threat Intelligence team revealed.
Attacks by Gamaredon copycat target Russia
