OCEANMAP

Description

(BleepingComputer) Another tool used as part of the attack is ‘OCEANMAP,’ a C# backdoor used primarily for executing base64-encoded commands via cmd.exe.

OCEANMAP establishes persistence on the system by creating a .URL file named ‘VMSearch.url’ in the Windows Startup folder.

OCEANMAP uses the Internet Message Access Protocol (IMAP) as a control channel to receive commands discreetly that are unlikely to raise alarms, storing them as email drafts containing the command, username, and OS version.

Names

Name
OCEANMAP

Category

Malware

Type

  • Backdoor

Information

Malpedia

Other Information

Uuid

db9c3b7f-516a-40d3-9d7a-4d3aea272482

Last Card Change

2024-12-27