TidePool

Description

(Palo Alto) TidePool contains many capabilities common to most RATs. It allows the attacker to read, write and delete files and folders, and run commands over named pipes. TidePool gathers information about the victim’s computer, base64 encodes the data, and sends it to the Command and Control (C2) server via HTTP, which matches capabilities of the BS2005 malware family used by the Ke3chang actor.

Names

Name
TidePool

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Info stealer
  • Exfiltration

Information

Malpedia

AlienVault OTX

Other Information

UUID

7994d89d-4fcc-4e67-9597-602777f57a17

Last Card Change

2020-05-14