Autodesk 3ds Max Attack
A sophisticated cyberespionage campaign targeted an international architectural and video production company. The threat actor exploited a flaw in Autodesk 3ds Max software to drop a payload which masqueraded as a plugin for the 3D computer graphics application. Defense evasion was carried out by deleting dropped files, modifying timestamps, hiding files and directories, and using uncommon ports to communicate with the command and control server. Various tools were used during the campaign including a crawler to list, compress, and upload files and an info-stealer to collect system information including screen captures.