ELECTRICFISH
Description
(US-CERT) This report provides analysis of two malicious 32-bit Windows executable files. The malware implements a custom protocol that allows traffic to be tunneled between a source and a destination Internet Protocol (IP) address. The malware continuously attempts to reach out to the source and the destination system, which allows either side to initiate a tunneling session. The malware can be configured with a proxy server/port and proxy username and password. This feature allows connectivity to a system sitting inside of a proxy server, which allows the actor to bypass the compromised system's required authentication to reach outside of the network.
Names
| Name |
|---|
| ELECTRICFISH |
| Alreay |
Category
Malware
Type
- Tunneling
Information
- https://www.us-cert.gov/ncas/analysis-reports/ar19-252b
- https://securelist.com/blog/sas/77908/lazarus-under-the-hood/
Malpedia
- https://malpedia.caad.fkie.fraunhofer.de/details/win.electricfish
- https://malpedia.caad.fkie.fraunhofer.de/details/win.alreay
Alienvault Otx
Other Information
Uuid
0b56379e-b63d-4c34-824f-93e096ee8316
Last Card Change
2020-05-13