COLDJAVA

Description

(FireEye) The compromised CCleaner update (which we call DIRTCLEANER) is believed to download a second-stage loader (MD5: 748aa5fcfa2af451c76039faf6a8684d) that contains a 32-bit and 64-bit COLDJAVA DLL payload. The COLDJAVA payload contains shellcode that loads a variant of BlackCoffee.

Names

Name: COLDJAVA

Category

Malware

Type

  • Loader

Information

Other Information

Uuid: 6cd752fe-bee6-4b3a-8296-34cc361fd460

Last Card Change: 2020-04-20