Cryptmerlin

Description

(Trend Micro) Attackers used the DLL sideloading technique on the target machine to launch Cryptmerlin, a customized backdoor based on the open-source malware Merlin Agent, written in Golang. Unlike the original Merlin Agent, Cryptmerlin currently only implements the ExecuteCommand function, which communicates with the C&C server via HTTP/HTTPS requests. To lower the security warning on the infected machine, Cryptmerlin can also communicate with the C&C server over a proxy server, with the information of the victim’s internal proxy also embedded in the config.
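The point about the embedded proxy is easy to miss: a Go HTTP client that is handed an explicit proxy from its config ignores the host's HTTP_PROXY/HTTPS_PROXY environment and always tunnels through that proxy, so the C&C traffic takes the same path as ordinary user browsing. The following Go snippet is an added illustration of that mechanism, not Cryptmerlin's or Merlin Agent's own code; the AgentConfig struct, its field names and the hostnames are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"time"
)

// AgentConfig is a hypothetical stand-in for the kind of embedded settings
// the description mentions: a C2 endpoint plus the victim's internal proxy.
type AgentConfig struct {
	C2URL    string // e.g. "https://c2.example.invalid/"
	ProxyURL string // e.g. "http://proxy.corp.internal:8080"; empty means direct
}

// NewTransport builds an http.Transport whose Proxy callback returns the
// configured proxy for every request. With an explicit http.ProxyURL the
// HTTP_PROXY/HTTPS_PROXY/NO_PROXY environment variables are never consulted.
func NewTransport(cfg AgentConfig) (*http.Transport, error) {
	tr := &http.Transport{
		TLSHandshakeTimeout: 10 * time.Second,
	}
	if cfg.ProxyURL == "" {
		tr.Proxy = nil // nil Proxy = connect directly, no environment lookup
		return tr, nil
	}
	pu, err := url.Parse(cfg.ProxyURL)
	if err != nil {
		return nil, fmt.Errorf("bad proxy url: %w", err)
	}
	// net/http supports http, https and socks5 proxies; reject anything else
	// up front rather than failing on the first request.
	switch pu.Scheme {
	case "http", "https", "socks5":
	default:
		return nil, fmt.Errorf("unsupported proxy scheme %q", pu.Scheme)
	}
	tr.Proxy = http.ProxyURL(pu)
	return tr, nil
}

// ResolveProxy reports which proxy (if any) the transport would route a
// request to target through, without opening any connection.
func ResolveProxy(tr *http.Transport, target string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil {
		return "", err
	}
	if tr.Proxy == nil {
		return "", nil
	}
	pu, err := tr.Proxy(req)
	if err != nil {
		return "", err
	}
	if pu == nil {
		return "", nil
	}
	return pu.String(), nil
}

func main() {
	// Constructed sample config; nothing here is contacted.
	cfg := AgentConfig{
		C2URL:    "https://c2.example.invalid/",
		ProxyURL: "http://proxy.corp.internal:8080",
	}
	tr, err := NewTransport(cfg)
	if err != nil {
		panic(err)
	}
	via, _ := ResolveProxy(tr, cfg.C2URL)
	fmt.Printf("requests to %s would be sent via proxy %q\n", cfg.C2URL, via)
}
```

From the defender's side the consequence is the mirror image: the beacon does not show up as an anomalous direct outbound connection from the host, but it does show up in the internal proxy's access logs as a CONNECT or GET to an unfamiliar destination. Reviewing proxy logs for unusual external hosts, rather than only host-level egress, is the check that corresponds to this behaviour.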

Names

Name
Cryptmerlin

Category

Malware

Type

  • Backdoor

Information

Other Information

Uuid

c822bea5-3bc1-47dc-82a0-e0f9d5d4cddb

Last Card Change

2024-12-26