HighNoon

Description

(FireEye) HIGHNOON is a backdoor that consists of multiple components, including a loader, dynamic-link library (DLL), and a rootkit. When loaded, the DLL may deploy one of two embedded drivers to conceal network traffic and communicate with its command and control server to download and launch memory-resident DLL plugins.

HighNoon seems to be a variant of Winnti.

Names

Name
HighNoon

Type

Backdoor
Rootkit

Information

https://www.fireeye.com/blog/threat-research/2019/08/game-over-detecting-and-stopping-an-apt41-operation.html

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.highnoon
https://malpedia.caad.fkie.fraunhofer.de/details/win.highnoon_bin

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:HIGHNOON

Other Information

Uuid

24a67ed1-9fa5-4d77-a1dd-9cf8a6011beb

Last Card Change

2021-04-24

Threat Intelligence Garden

Explorer

HighNoon

HighNoon

Description

Names

Category

Type

Information

Malpedia

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks