Oceansalt

Description

(McAfee) Oceansalt reuses a portion of code from the Seasalt implant (circa 2010) that is linked to the Chinese hacking group Comment Crew.

Oceansalt appears to be the first stage of an advanced persistent threat. The malware can send system data to a control server and execute commands on infected machines, but we do not yet know its ultimate purpose.

Names

Name
Oceansalt

Category

Malware

Type

• Reconnaissance
• Backdoor

Information

• https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf

Mitre Attack

• https://attack.mitre.org/software/S0346/

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.oceansalt

Other Information

Uuid

f3a4d2fb-22d9-4e95-930a-86af8a0df5ce

Last Card Change

2020-04-23