Names | BH_A006
Category | Malware
Type | Reconnaissance, Backdoor, Keylogger, Info stealer
Description | (BleepingComputer) BH_A006 is a heavily modified version of the Gh0st RAT backdoor, featuring many layers of obfuscation to bypass security protections and thwart analysis. Its features include network service creation, UAC bypassing, and shellcode unpacking and launching in the memory.
Information | <https://www.bleepingcomputer.com/news/security/chinese-space-pirates-are-hacking-russian-aerospace-firms/> <https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/space-pirates-tools-and-connections/>
Last change to this tool card: 19 July 2022
APT groups
Changed | Name | Country | Observed
 | Space Pirates | | 2017-Sep 2022
1 group listed (1 APT, 0 other, 0 unknown)