LOWBALL

Description

(FireEye) This backdoor, known as LOWBALL, uses the legitimate Dropbox cloud-storage service to act as the CnC server. It uses the Dropbox API with a hardcoded bearer access token and has the ability to download, upload, and execute files. The communication occurs via HTTPS over port 443.

Names

Name
LOWBALL

Category

Malware

Type

  • Backdoor
  • Exfiltration

Information

MITRE ATT&CK

Malpedia

AlienVault OTX

Other Information

UUID

1cf868dc-4067-40c8-aaec-a47cfac9f37c

Last Card Change

2020-04-23