MechaFlounder

Description

(Palo Alto) MechaFlounder begins by entering a loop that will continuously attempt to communicate with its C2 server. The Trojan will use HTTP to send an outbound beacon to its C2 server that contains the user’s account name and hostname in the URL. The code builds the URL by concatenating the username and hostname with two dashes “–” between the two strings. The code then creates the URL string by using the username and hostname string twice with the back-slash “\” character between the two and by appending the string “-sample.html”.

Names

Name
MechaFlounder

Type

Backdoor

Information

https://unit42.paloaltonetworks.com/new-python-based-payload-mechaflounder-used-by-chafer/

Mitre Attack

https://attack.mitre.org/software/S0459/

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:MechaFlounder

Other Information

Uuid

662241e8-4952-4cfc-8d1f-e96dc38593e5

Last Card Change

2022-12-30

Threat Intelligence Garden

Explorer

MechaFlounder

MechaFlounder

Description

Names

Category

Type

Information

Mitre Attack

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks