CEELOADER

Description

(Mandiant) The threat actor used native Windows tools to perform initial reconnaissance and credential theft, and to deploy Cobalt Strike BEACON to devices via PowerShell. The actor then used this BEACON implant to persistently install CEELOADER as a Scheduled Task that ran on login as SYSTEM on specific systems. CEELOADER is [a] downloader that decrypts a shellcode payload to execute in memory on the victim device.

Names

Name
CEELOADER

Category

Malware

Type

  • Loader

Information

Malpedia

Other Information

Uuid

7faa4be1-750b-4e78-8c2e-ee6e23483813

Last Card Change

2023-06-22