WARPRISM

Description

(FireEye) WARPRISM is a PowerShell dropper that has been observed by Mandiant delivering SunCrypt, Cobalt Strike, and Mimikatz. WARPRISM is used to evade endpoint detection and will load its payload directly into memory. WARPRISM may be used by multiple groups.

Names

Name
WARPRISM

Type

Dropper

Information

https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html

Other Information

Uuid

9672ed6f-d3ba-4a31-a3a0-aa19d6aeead8

Last Card Change

2021-05-15

Threat Intelligence Garden

Explorer

WARPRISM

WARPRISM

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks