Gelsevirine
Description
(ESET) Gelsevirine is the last stage of the chain and it is called MainPlugin by its developers, according to the DLL name and also PDB path found in old samples (Z:\z_code\Q1\Client\Win32\Release\MainPlugin.pdb). It’s also worth mentioning that if defenders manage to obtain this last stage alone, it won’t run flawlessly since it requires its arguments to be set up by Gelsenicine.
Names
| Name |
|---|
| Gelsevirine |
Category
Malware
Type
- Backdoor
Information
Mitre Attack
Other Information
UUID
120b6249-69a8-4ffb-80dc-32b483341245
Last Card Change
2022-12-30