OpGhoul

Description

(Kaspersky) The malware is based on the Hawkeye commercial spyware, which provides a variety of tools for the attackers, in addition to malware anonymity from attribution. It initiates by self-deploying and configuring persistence, while using anti-debugging and timeout techniques, then starts collecting interesting data from the victim’s device, including:

  • Keystrokes
  • Clipboard data
  • FileZilla ftp server credentials
  • Account data from local browsers
  • Account data from local messaging clients (Paltalk, Google talk, AIM…)
  • Account data from local email clients (Outlook, Windows Live mail…)
  • License information of some installed applications

Names

Name
OpGhoul

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Keylogger
  • Credential stealer
  • Info stealer

Information

Malpedia

Other Information

Uuid

95f5b536-a369-481f-a9da-71b6a4dc16ed

Last Card Change

2020-04-23