DEADEYE

Description

(FireEye) Tracking APT41 activities over the past months, we observed multiple samples that shared two unique features: the use of RC5 encryption which we don’t encounter often, and a unique string “f@Ukd!rCto R$.”. We track these samples as DEADEYE.

DEADEYE comes in multiple variants:

  • DEADEYE.DOWN has the capability to download additional payloads.
  • DEADEYE.APPEND has additional payloads appended to it.
  • DEADEYE.EXT loads payloads that are already present on the system.

Names

  • DEADEYE
  • DEADEYE.EMBED
  • DEADEYE.APPEND

Category

Malware

Type

  • Downloader

Information

Mitre Attack

Other Information

Uuid

ef5ffed4-c004-4742-9648-679ad06b6f31

Last Card Change

2024-01-17