
Threat Group Cards: A Threat Actor Encyclopedia

Tool: StrongPity3

Names: StrongPity3
Category: Malware
Type: Backdoor, Info stealer, Exfiltration
Description: (Talos) StrongPity3 is the evolution of StrongPity2, with a few differences. The latter does not use libcurl anymore and now uses winhttp to perform all requests to C2. The usage of the HKCU\Software\Microsoft\Windows\CurrentVersion\Run registry key as a persistence mechanism has been replaced by the creation of a service. This service changes its name from package to package. The service executable's only job is to launch the C2 contact module upon service startup. The remaining malware flow is the same on both versions.
Information: https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html

Last change to this tool card: 01 July 2020



All groups using tool StrongPity3

Changed | Name                   | Country | Observed
--------|------------------------|---------|------------------
APT groups
        | Promethium, StrongPity | Turkey  | 2012 - Feb 2020

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
