ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool HOPLIGHT

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: HOPLIGHT

NamesHOPLIGHT
HANGMAN
CategoryMalware
TypeTunneling
Description(US-CERT) This report provides analysis of twenty malicious executable files. Sixteen of these files are proxy applications that mask traffic between the malware and the remote operators. The proxies have the ability to generate fake TLS handshake sessions using valid public SSL certificates, disguising network connections with remote malicious actors. One file contains a public SSL certificate and the payload of the file appears to be encoded with a password or key. The remaining file does not contain any of the public SSL certificates, but attempts outbound connections and drops four files. The dropped files primarily contain IP addresses and SSL certificates.
Information<https://www.us-cert.gov/ncas/analysis-reports/ar20-045g>
<https://www.computing.co.uk/ctg/news/3074007/lazarus-rises-warning-over-new-hoplight-malware-linked-with-north-korea>
MITRE ATT&CK<https://attack.mitre.org/software/S0376/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.hoplight>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:HOPLIGHT>

Last change to this tool card: 13 May 2020

Download this tool card in JSON format

Previous: HOMEFRY
Next: HOTCROISSANT

All groups using tool HOPLIGHT

ChangedNameCountryObserved

APT groups

XLazarus Group, Hidden Cobra, Labyrinth ChollimaNorth Korea2007-Dec 2020 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key