 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: BELLHOP| Names | BELLHOP | |
| Category | Malware | |
| Type | Backdoor, Downloader | |
| Description | BELLHOP is a JavaScript backdoor interpreted using the native Windows Scripting Host (WSH). After performing some basic host information gathering, the BELLHOP dropper downloads a base64-encoded blob of JavaScript to disk and sets up persistence in three ways: • Creating a Run key in the Registry • Creating a RunOnce key in the Registry • Creating a persistent named scheduled task • BELLHOP communicates using HTTP and HTTPS with primarily benign sites such as Google Docs and PasteBin. | |
| Information | <https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/js.bellhop> | |
Last change to this tool card: 13 May 2020
Download this tool card in JSON format
Previous: Behinder
Next: Bemstour
| Changed | Name | Country | Observed | ||
APT groups | |||||
| Carbanak, Anunak |  | 2013-Apr 2023 |  | ||
1 group listed (1 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |