
Threat Group Cards: A Threat Actor Encyclopedia

Tool: Sepulcher

Names: Sepulcher
Category: Malware
Type: Reconnaissance, Backdoor, Info stealer, Exfiltration
Description: (Proofpoint) Sepulcher malware has seven work modes that include conducting reconnaissance on an infected host, spawning a reverse command shell, reading from file, and writing to file. More granularly, additional commands exist within the intelligence gathering/reconnaissance work modes (1002, 1003, 1004) which carry out reconnaissance functionality within the infected host. These commands include obtaining information about the drives, file information, directory statistics, directory paths, directory content, running processes, and services. Additionally, it is capable of more active functionalities like deleting directories and files, creating directories, moving file source to destination, spawning a shell to execute commands, terminating a process, restarting a service, changing a service start type, and deleting a service.
Information: <https://www.proofpoint.com/us/blog/threat-insight/chinese-apt-ta413-resumes-targeting-tibet-following-covid-19-themed-economic>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:sepulcher>

Last change to this tool card: 03 September 2020


All groups using tool Sepulcher

| Changed | Name | Country | Observed |

APT groups

| | TA413 | China | 2019 |

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
