Threat Group Cards: A Threat Actor Encyclopedia

Tool: PhantomNet

Names: PhantomNet, SManager

Category: Malware

Type: Reconnaissance, Backdoor, Loader

Description: (ESET) The backdoor was named Smanager_ssl.DLL by its developers but we use PhantomNet, as that was the project name used in an older version of this backdoor. This most recent version was compiled on the 26th of April 2020, almost two months before the supply-chain attack. In addition to Vietnam, we have seen victims in the Philippines, but unfortunately we did not uncover the delivery mechanism in those cases.
This backdoor is quite simple and most of the malicious capabilities are likely deployed through additional plugins. It can retrieve the victim’s proxy configuration and use it to reach out to the command and control (C&C) server. This shows that the targets are likely to be working in a corporate network.

Information:
<https://www.welivesecurity.com/2020/12/17/operation-signsight-supply-chain-attack-southeast-asia/>
<https://insight-jp.nttsecurity.com/post/102glv5/pandas-new-arsenal-part-3-smanager>
<https://0xthreatintel.medium.com/reversing-apt-tool-smanager-unpacked-d413a04961c4>
<https://0xthreatintel.medium.com/how-to-unpack-smanager-apt-tool-cb5909819214>

Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.smanager>

Last change to this tool card: 23 April 2021

All groups using tool PhantomNet

APT groups

| Changed | Name | Country | Observed |
|---|---|---|---|
| | Operation SignSight | [Unknown] | 2020 |
| | TA428 | China | 2013-May 2021 |

2 groups listed (2 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency