
Threat Group Cards: A Threat Actor Encyclopedia

Tool: KOMPROGO

Names: KOMPROGO, Splinter RAT
Category: Malware
Type: Reconnaissance, Backdoor, Info stealer, Downloader
Description: (Cylance) Splinter arrives as an MSBuild project file containing a Base64 encoded PowerShell script generated using the MSFvenom psh-reflection module. As in the case of Remy, it utilizes on-the-fly C# compilation and strips off several PowerShell wrappers before the shellcode that calls the final payload is invoked. The backdoor itself is a Win32 PE EXE file and has the capability to collect information, download and execute payloads, run WMI queries, and manipulate files, processes, and registry entries. The overall functionality of Splinter appears pretty much in line with the “KOMPROGO” malware (as described in the FireEye APT32 report).
Information:
<https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resource-library/reports/SpyRATsofOceanLotusMalwareWhitePaper.pdf>
<https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html>
MITRE ATT&CK: <https://attack.mitre.org/software/S0156/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.komprogo>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:KOMPROGO>

Last change to this tool card: 14 May 2020

All groups using tool KOMPROGO

Name                          | Country   | Observed
------------------------------|-----------|--------------
APT groups
APT 32, OceanLotus, SeaLotus  | Vietnam   | 2013-Dec 2020
FIN10                         | [Unknown] | 2016

2 groups listed (2 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th