SymonLoader

Description

(Palo Alto) When executed, the loader starts monitoring storage device changes on a compromised machine. If SymonLoader detects the targeted type of secure USB drive, it attempts to access the storage through the device driver corresponding to the secure USB and checks for strings specific to one type of secure USB in the drive information fields. Then, it accesses a predefined location of the storage on the USB and extracts an unknown PE file.

Names

Name
SymonLoader

Type

Loader

Information

https://unit42.paloaltonetworks.com/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:SymonLoader

Other Information

Uuid

fbb29314-33cd-4170-9df9-801828cc3742

Last Card Change

2020-04-20

Threat Intelligence Garden

Explorer

SymonLoader

SymonLoader

Description

Names

Category

Type

Information

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks