
Threat Group Cards: A Threat Actor Encyclopedia

Tool: Flame

Names: Flame, Flamer, sKyWIper, Skywiper
Category: Malware
Type: Backdoor, Rootkit, Keylogger, Info stealer, Exfiltration
Description: (Wikipedia) Flame, also known as Flamer, sKyWIper, and Skywiper, is modular computer malware discovered in 2012 that attacks computers running the Microsoft Windows operating system. The program is being used for targeted cyber espionage in Middle Eastern countries.

Its discovery was announced on 28 May 2012 by MAHER Center of Iranian National Computer Emergency Response Team (CERT), Kaspersky Lab and CrySyS Lab of the Budapest University of Technology and Economics. The last of these stated in its report that Flame 'is certainly the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found.' Flame can spread to other systems over a local network (LAN). It can record audio, screenshots, keyboard activity and network traffic. The program also records Skype conversations and can turn infected computers into Bluetooth beacons which attempt to download contact information from nearby Bluetooth-enabled devices. This data, along with locally stored documents, is sent on to one of several command and control servers that are scattered around the world. The program then awaits further instructions from these servers.
Information:
<https://en.wikipedia.org/wiki/Flame_(malware)>
<https://storage.googleapis.com/chronicle-research/Flame%202.0%20Risen%20from%20the%20Ashes.pdf>
<https://securelist.com/the-flame-questions-and-answers-51/34344/>
<https://www.crysys.hu/publications/files/skywiper.pdf>
<https://www.crysys.hu/publications/files/tedi/ukatemicrysys_territorialdispute.pdf>
<https://www.symantec.com/connect/blogs/flamer-recipe-bluetoothache>
MITRE ATT&CK: <https://attack.mitre.org/software/S0143/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.flame>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:Flame>

Last change to this tool card: 23 April 2021


All groups using tool Flame

Changed | Name | Country | Observed

APT groups

 | Equation Group | USA | 2001-Aug 2016 X

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
