Home > List all groups > List all tools > List all groups using tool Harpoon

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Harpoon

TypeReconnaissance, Backdoor, Keylogger, Info stealer, Exfiltration
Description(Qihoo 360) [Google translated] Harpoon is a backdoor program for specific users independently developed by the Golden Eagle (APT-C-34) organization, which is implemented using Delphi. We obtained the instruction manual of the backdoor. The backdoor has powerful information collection functions, including screen captures, audio recordings, clipboard records, keyboard records, and stealing files with specific extensions.

The STS Harpoon program provides the following functions:
• Keylogger
• Clipboard record
• Take screenshots of the active window on the desktop of the target computer at predetermined intervals;
• List the contents of a given directory on the hard disk of the target computer;
• Get Skype login name, contact list and chat messages;
• Get Skype and Google Hangouts callers and voice records;
• Record sound from the microphone and eavesdrop;
• Copy the specified file from the target computer;
• Automatically copy document files from removable media on the target computer;
• Package all the intercepted and copied information into an encrypted dat file, and then save them in the specified directory;
• Send the obtained information to the specified FTP;
• Run programs or operating system commands;
• Download files from a given FTP and release them to a specified directory;
• Remotely reconfigure and update components;
• Receive information from a given FTP and automatically unzip the file to a specified directory;
• Self-destruct

The information collected by the backdoor is encrypted and uploaded to the designated FTP server. The related collected information is in the encrypted configuration file.

Last change to this tool card: 20 April 2020

Download this tool card in JSON format

All groups using tool Harpoon


APT groups

 DustSquad, Golden FalconRussia2014 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key