ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool Contopee

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Contopee

NamesContopee
WHITEOUT
CategoryMalware
TypeBackdoor
Description(SecurityWeek) Aside from commonalities in the tools used to spread WannaCry, there are also a number of links between WannaCry itself and Lazarus. The ransomware shares some code with Backdoor.Contopee, malware that has previously been linked to Lazarus. One variant of Contopee uses a custom SSL implementation, with an identical cipher suite, which is also used by WannaCry. The cipher suite in both samples has the same set of 75 different ciphers to choose from (as opposed to OpenSSL where there are over 300).
Information<https://www.securityweek.com/wannacry-highly-likely-work-north-korean-linked-hackers-symantec-says>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.contopee>

Last change to this tool card: 22 April 2020

Download this tool card in JSON format

All groups using tool Contopee

ChangedNameCountryObserved

APT groups

 Lazarus Group, Hidden Cobra, Labyrinth ChollimaNorth Korea2007-Spring 2021X

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key