| ID | X0026 |
|---|---|
| Aliases | None |
| Platforms | Windows |
| Year | 2012 |
| Associated ATT&CK Software | None |

Heriplor

This Trojan is associated with the Energetic Bear group [1].

MBC Behaviors

| Name | Use |
|---|---|
| Anti-Static Analysis::Executable Code Obfuscation::API Hashing (B0032.001) | Malware uses an API hashing method [1] |
| Command and Control::Command and Control Communication::Receive Data (B0030.002) | Malware has the capability to connect to C2 to download arbitrary code [2] |

Indicators of Compromise

SHA256 Hashes

  • 1b17ce735512f3104557afe3becacd05ac802b2af79dab5bb1a7ac8d10dccffd

References

[1] https://insights.sei.cmu.edu/blog/api-hashing-tool-imagine-that/

[2] https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_heriplor.a