Tarsip
Description
The TARSIP malware family is a backdoor that communicates via encoded information in HTTPS headers. Typical TARSIP samples beacon out to their C2 servers only if the C2 DNS address resolves to a specific address. TARSIP backdoor capabilities include file uploading, file downloading, interactive command shells, process enumeration, process creation, and process termination. The TARSIP-ECLIPSE family is distinguished by the presence of ‘eclipse’ in .pdb debug strings in the malware samples. It does not provide a built-in mechanism to maintain persistence. The TARSIP-MOON family is distinguished by the presence of ‘moon’ in .pdb debug strings in the malware samples. It does not provide a built-in mechanism to maintain persistence.
Names
Name |
---|
Tarsip |
Category
Malware
Type
- Backdoor
- Exfiltration
Information
Malpedia
Other Information
Uuid
97384be1-282a-41cb-8c15-2fbe9a882b3c
Last Card Change
2020-04-23