
Threat Group Cards: A Threat Actor Encyclopedia

Tool: sip_telephone

Names: sip_telephone
Category: Malware
Type: Reconnaissance
Description: (Trend Micro) sip_telephone, also named in the PDB path as such, uses Windows Management Instrumentation (WMI) to get the AV installed in the machine, its computer name, and processor ID, among others. It performs tasks in an endless loop, with 100 seconds of sleep time.
Information: <https://documents.trendmicro.com/assets/research-deciphering-confucius-cyberespionage-operations.pdf>

Last change to this tool card: 20 April 2020


All groups using tool sip_telephone

Changed | Name | Country | Observed

APT groups

 | Confucius | India | 2013-May 2018

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
