
Threat Group Cards: A Threat Actor Encyclopedia

Tool: KasperAgent

Names: KasperAgent
Category: Malware
Type: Backdoor
Description: (Palo Alto) KASPERAGENT is developed in Microsoft Visual C++ and attempts to disguise itself as a product that does not exist: “Adobe Cinema Video Player”. The malware first establishes persistence using the classic method of adding a Run key, using the value “MediaSystem”.

The malware connects to a C2 server hosted on www.mailsinfo[.]net. The C2 server string in the binary is “obfuscated” in the most basic of senses, with the author adding ‘@’ characters between letters and splitting the starting “www.m” to another string.

Information:
<https://unit42.paloaltonetworks.com/unit42-targeted-attacks-middle-east-using-kasperagent-micropsia/>
<https://www.threatconnect.com/blog/kasperagent-malware-campaign/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.kasperagent>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:KASPERAGENT>

Last change to this tool card: 13 May 2020


All groups using tool KasperAgent

APT groups

| Changed | Name | Country | Observed | |
|---|---|---|---|---|
| | Desert Falcons | [Gaza] | 2011-Apr 2021 | X |
| | Molerats, Extreme Jackal, Gaza Cybergang | [Gaza] | 2012-Apr 2021 | |

2 groups listed (2 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
