GREENCAT

Description

Members of this family are full-featured backdoors that communicate with a Web-based Command & Control (C2) server over SSL. Features include an interactive shell, gathering system info, uploading and downloading files, and creating and killing processes. Malware in this family usually communicates with a hard-coded domain using SSL on port 443. Some members of this family rely on launchers to establish a persistence mechanism for them. Others contain functionality that allows them to install themselves, replacing an existing Windows service, and to uninstall themselves. Several variants use %SystemRoot%\Tasks or %WinDir%\Tasks as working directories; additional malware artifacts may be found there.

Names

Name
GREENCAT

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Info stealer
  • Exfiltration

Information

Other Information

Uuid

3c0f9a9d-46e8-493d-a2f4-1c10627fe901

Last Card Change

2020-04-20