
Threat Group Cards: A Threat Actor Encyclopedia

Tool: CHAINSHOT

Names: CHAINSHOT
Category: Malware
Type: Downloader
Description: (Palo Alto) We uncovered part of a new toolkit which was used as a downloader alongside Adobe Flash exploit CVE-2018-5002 to target victims in the Middle East. This was possible because the attacker made a mistake in using insecure 512-bit RSA encryption. The malware sends user information encrypted to the attacker server and attempts to download a final stage implant. It was allegedly developed with the help of an unknown framework and makes extensive use of custom error handling. Because the attacker made another mistake in using the same SSL certificate for similar attacks, we were able to uncover additional infrastructure indicating a larger campaign.
Information:
<https://unit42.paloaltonetworks.com/unit42-slicing-dicing-cve-2018-5002-payloads-new-chainshot-malware/>
<https://atr-blog.gigamon.com/2018/06/07/adobe-flash-zero-day-leveraged-for-targeted-attack-in-middle-east/>
<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.chainshot>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:chainshot>

Last change to this tool card: 13 May 2020



All groups using tool CHAINSHOT

Changed | Name    | Country    | Observed

APT groups

        | SandCat | Uzbekistan | 2018

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
