StrongPity3

Description

(Talos) StrongPity3 is the evolution of StrongPity2, with a few differences. StrongPity3 no longer uses libcurl and now uses winhttp to perform all requests to the C2. The use of the HKCU\Software\Microsoft\Windows\CurrentVersion\Run registry key as a persistence mechanism has been replaced by the creation of a service, whose name changes from package to package. The service executable's only job is to launch the C2 contact module upon service startup. The remaining malware flow is the same in both versions.

Names

Name
StrongPity3

Category

Malware

Type

  • Backdoor
  • Info stealer
  • Exfiltration

Information

Other Information

Uuid

8fa25345-1e8e-47d1-a86f-8c58be2b14b2

Last Card Change

2020-07-01