BUFFETLINE

Description

(US-CERT) This report looks at a full-featured beaconing implant. This sample uses PolarSSL for session authentication, but then utilizes a FakeTLS scheme for network encoding using a modified RC4 algorithm. It has the capability to download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes; and perform target system enumeration.

Names

Name
BUFFETLINE

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Downloader
  • Exfiltration

Information

Malpedia

AlienVault OTX

Other Information

UUID

346a101f-489c-4d64-994b-f12ff6b60a1a

Last Card Change

2021-04-24