
Threat Group Cards: A Threat Actor Encyclopedia

Tool: WARPRISM

Names: WARPRISM
Category: Malware
Type: Dropper
Description: (FireEye) WARPRISM is a PowerShell dropper that has been observed by Mandiant delivering SunCrypt, Cobalt Strike, and Mimikatz. WARPRISM is used to evade endpoint detection and will load its payload directly into memory. WARPRISM may be used by multiple groups.
Information: <https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html>

Last change to this tool card: 14 May 2021


All groups using tool WARPRISM

APT groups

Name | Country | Observed
Carbanak, Anunak | Ukraine | 2013-Aug 2021
SunCrypt Gang | [Unknown] | 2019-Oct 2020
UNC2447 | [Unknown] | 2020

3 groups listed (3 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
