MOPSLED

Description

(Mandiant) MOPSLED is a shellcode-based modular backdoor that has the capability to communicate over HTTP or a custom binary protocol over TCP to its C2 server. The core functionality of MOPSLED involves expanding its capabilities by retrieving plugins from the C2 server. MOPSLED also uses a custom ChaCha20 encryption algorithm to decrypt embedded and external configuration files.

Mandiant observed sharing of MOPSLED between other Chinese cyber espionage groups including APT41. Mandiant considered MOPSLED to be an evolution of CrossWalk, which can act as a network proxy.
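Where an analyst usually starts with a "custom ChaCha20" is a known-good reference to diff the sample's routine against. The following is an added example for this card, not Mandiant's code and not MOPSLED's actual algorithm: a standard RFC 8439 ChaCha20 in pure Python, parameterised on the two things a modified variant most often changes (the "expand 32-byte k" constants and the round count), plus a constructed config blob and a candidate search that confirms or rules out a guessed variant. The key, nonce, blob layout, config fields and the "bit-flipped sigma" candidate are all assumptions made up for the demo; the RFC test vectors are the only real data.

```python
import json
import struct

# RFC 8439 ChaCha20 reference, written for this card as a baseline to diff a
# "custom ChaCha20" against. This is standard ChaCha20, not MOPSLED's variant:
# constants, round count and the config layout below are knobs/assumptions.

SIGMA = (0x61707865, 0x3320646E, 0x79622D32, 0x6B206574)  # "expand 32-byte k"
MASK32 = 0xFFFFFFFF


def rotl32(v, n):
    return ((v << n) & MASK32) | (v >> (32 - n))


def quarter_round(s, a, b, c, d):
    """In-place ChaCha quarter round on state words a, b, c, d (RFC 8439 2.1)."""
    s[a] = (s[a] + s[b]) & MASK32; s[d] = rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = rotl32(s[b] ^ s[c], 7)


def chacha20_block(key, counter, nonce, rounds=20, constants=SIGMA):
    """One 64-byte keystream block (RFC 8439 2.3). rounds/constants are the
    knobs a custom variant most often changes; defaults are the standard."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("expected 32-byte key and 12-byte nonce")
    state = (list(constants) + list(struct.unpack("<8L", key))
             + [counter & MASK32] + list(struct.unpack("<3L", nonce)))
    w = state[:]
    for _ in range(rounds // 2):  # each iteration = column round + diagonal round
        quarter_round(w, 0, 4, 8, 12); quarter_round(w, 1, 5, 9, 13)
        quarter_round(w, 2, 6, 10, 14); quarter_round(w, 3, 7, 11, 15)
        quarter_round(w, 0, 5, 10, 15); quarter_round(w, 1, 6, 11, 12)
        quarter_round(w, 2, 7, 8, 13); quarter_round(w, 3, 4, 9, 14)
    return struct.pack("<16L", *[(x + y) & MASK32 for x, y in zip(w, state)])


def chacha20_xor(key, nonce, data, counter=1, rounds=20, constants=SIGMA):
    """Encrypt/decrypt (same operation) by XOR with successive keystream blocks."""
    out = bytearray()
    for off in range(0, len(data), 64):
        ks = chacha20_block(key, counter + off // 64, nonce, rounds, constants)
        out.extend(x ^ y for x, y in zip(data[off:off + 64], ks))
    return bytes(out)


# --- constructed demo config blob (layout is this example's assumption) ------
# nonce (12 bytes) || ChaCha20(JSON config). Key and values are made up.
DEMO_KEY = bytes(range(32))
DEMO_NONCE = bytes.fromhex("000000000000004a00000000")
DEMO_CONFIG = {"c2": "203.0.113.10:443", "transport": "tcp", "sleep": 30}


def pack_demo_config(key, nonce, cfg):
    return nonce + chacha20_xor(key, nonce, json.dumps(cfg).encode())


def decrypt_config(key, blob, rounds=20, constants=SIGMA):
    """Parsed config, or None when this (rounds, constants) guess is wrong."""
    nonce, body = blob[:12], blob[12:]
    try:
        return json.loads(chacha20_xor(key, nonce, body,
                                       rounds=rounds, constants=constants))
    except ValueError:  # JSONDecodeError and UnicodeDecodeError both derive from it
        return None


def find_variant(key, blob, candidates):
    """Try (label, rounds, constants) guesses in order; return (label, config)
    for the first that yields a parseable config, else (None, None)."""
    for label, rounds, constants in candidates:
        cfg = decrypt_config(key, blob, rounds, constants)
        if cfg is not None:
            return label, cfg
    return None, None


CANDIDATES = [
    # hypothetical "customised" constants: every sigma word with its top bit flipped
    ("sigma-bitflipped/20", 20, tuple(c ^ 0x80000000 for c in SIGMA)),
    ("rfc8439/8", 8, SIGMA),
    ("rfc8439/20", 20, SIGMA),
]

if __name__ == "__main__":
    blob = pack_demo_config(DEMO_KEY, DEMO_NONCE, DEMO_CONFIG)
    print(find_variant(DEMO_KEY, blob, CANDIDATES))
```

In practice the candidate list is filled from what the disassembly shows (the four constant words loaded into the state, the loop bound on the double-round, where the counter and nonce words sit), and `chacha20_block` is checked against the RFC 8439 block vector first so that any mismatch is attributable to the sample, not to the reference.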

Names

Name
MOPSLED

Category

Malware

Type

  • Reconnaissance
  • Backdoor

Information

Other Information

Uuid

50d20909-9e12-4a46-8305-7af8ae4ae861

Last Card Change

2024-08-26