THREEBYTE

Description

(Check Point) Threebyte is a Backdoor that targets the Windows platform. This malware contacts a remote server to receive commands to execute on the infected system. It sends out information about the targeted system. Furthermore, it has been reportedly delivered to a victim’s machine via exploitation of a Microsoft Word Document vulnerability (CVE-2012-0158). In order to survive system reboots, it adds a value to the Run key in the Registry.

Names

Name
THREEBYTE

Category

Malware

Type

• Reconnaissance
• Backdoor

Information

• https://threatpoint.checkpoint.com/ThreatPortal/threat?threatType=malwarefamily&threatId=2098
• https://www.fireeye.com/blog/threat-research/2014/09/darwins-favorite-apt-group-2.html

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.threebyte

Other Information

Uuid

02dfdac5-9b39-43b2-aea4-8b91f3999064

Last Card Change

2020-05-14