
Threat Group Cards: A Threat Actor Encyclopedia

Tool: LONGRUN

Names: LONGRUN
Category: Malware
Type: Backdoor, Info stealer, Exfiltration
Description: LONGRUN is a backdoor designed to communicate with a hard-coded IP address and provide the attackers with a custom interactive shell. It supports uploading and downloading files and executing arbitrary commands on the compromised machine. When LONGRUN executes, it first loads configuration data stored as an obfuscated string inside the PE resource section. The distinctive string thequickbrownfxjmpsvalzydg is used as part of the input to the decoding algorithm. Once the configuration data string is decoded, it is parsed and treated as an IP address and port number. The malware then connects to that host and begins interacting with it over a custom protocol.
Information: http://contagiodump.blogspot.com/2013/03/mandiant-apt1-samples-categorized-by.html

Last change to this tool card: 20 April 2020


All groups using tool LONGRUN

APT groups

Changed | Name                | Country | Observed
--------|---------------------|---------|--------------
X       | Comment Crew, APT 1 | China   | 2006-May 2018

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency


Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th