
Threat Group Cards: A Threat Actor Encyclopedia

Tool: BISTROMATH

Names: BISTROMATH
Category: Malware
Type: Backdoor, Info stealer
Description: (US-CERT) This report looks at multiple versions of a full-featured RAT implant executable and multiple versions of the CAgent11 GUI implant controller/builder. These samples perform simple XOR network encoding and are capable of many features, including conducting system surveys, file upload/download, process and command execution, and monitoring the microphone, clipboard, and the screen. The GUI controllers allow interaction with the implant as well as the option to dynamically build new implants with customized options. The implants are loaded with a trojanized executable containing a fake bitmap which decodes into shellcode which loads the embedded implant.
Information: <https://www.us-cert.gov/ncas/analysis-reports/ar20-045a>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.bistromath>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:BISTROMATH>

Last change to this tool card: 23 April 2021


All groups using tool BISTROMATH

Changed | Name | Country | Observed

APT groups

X | Lazarus Group, Hidden Cobra, Labyrinth Chollima | North Korea | 2007 - Spring 2021

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
