ID | X0026 |
Aliases | None |
Platforms | Windows |
Year | 2012 |
Associated ATT&CK Software | None |

This Trojan is associated with the Energetic Bear group [1].

Name | Use |
---|---|
Anti-Static Analysis::Executable Code Obfuscation::API Hashing (B0032.001) | Malware uses an API hashing method [1] |
Command and Control::Command and Control Communication::Receive Data (B0030.002) | Malware has the capability to connect to C2 and download arbitrary code [2] |

SHA256 Hashes

- 1b17ce735512f3104557afe3becacd05ac802b2af79dab5bb1a7ac8d10dccffd

[1] https://insights.sei.cmu.edu/blog/api-hashing-tool-imagine-that/
[2] https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_heriplor.a