Threat Group Cards: A Threat Actor Encyclopedia

Tool: AMTsol

Names: AMTsol
Category: Malware
Type: Exfiltration
Description: (Microsoft) Since the 2016 publication, Microsoft has come across an evolution of PLATINUM’s file-transfer tool, one that uses the Intel Active Management Technology (AMT) Serial-over-LAN (SOL) channel for communication. This channel works independently of the operating system (OS), rendering any communication over it invisible to firewall and network monitoring applications running on the host device. Until this incident, no malware had been discovered misusing the AMT SOL feature for communication.

Upon discovery of this unique file-transfer tool, Microsoft shared information with Intel, and the two companies collaborated to analyze and better understand the purpose and implementation of the tool. We confirmed that the tool did not expose vulnerabilities in the management technology itself, but rather misused AMT SOL within target networks that have already been compromised to keep communication stealthy and evade security applications.
Information: <https://www.microsoft.com/security/blog/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.amtsol>

Last change to this tool card: 22 April 2020

All groups using tool AMTsol

APT groups

| Changed | Name | Country | Observed |
|---|---|---|---|
| | Platinum | China | 2009-Nov 2019 |

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
