Tool: Oceansalt| Names | Oceansalt | |
| Category | Malware | |
| Type | Reconnaissance, Backdoor | |
| Description | (McAfee) Oceansalt reuses a portion of code from the Seasalt implant (circa 2010) that is linked to the Chinese hacking group Comment Crew. Oceansalt appears to be the first stage of an advanced persistent threat. The malware can send system data to a control server and execute commands on infected machines, but we do not yet know its ultimate purpose. | |
| Information | <https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf> | |
| MITRE ATT&CK | <https://attack.mitre.org/software/S0346/> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.oceansalt> | |
Last change to this tool card: 23 April 2020
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
| Comment Crew, APT 1 |  | 2006-May 2018 |  | ||
| Reaper, APT 37, Ricochet Chollima, ScarCruft |  | 2012-Dec 2020  | | ||
2 groups listed (2 APT, 0 other, 0 unknown)
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |