ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Contopee

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Contopee

NamesContopee
WHITEOUT
CategoryMalware
TypeBackdoor
Description(SecurityWeek) Aside from commonalities in the tools used to spread WannaCry, there are also a number of links between WannaCry itself and Lazarus. The ransomware shares some code with Backdoor.Contopee, malware that has previously been linked to Lazarus. One variant of Contopee uses a custom SSL implementation, with an identical cipher suite, which is also used by WannaCry. The cipher suite in both samples has the same set of 75 different ciphers to choose from (as opposed to OpenSSL where there are over 300).
Information<https://www.securityweek.com/wannacry-highly-likely-work-north-korean-linked-hackers-symantec-says>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.contopee>

Last change to this tool card: 23 April 2020

Download this tool card in JSON format

Previous: Conti
Next: CookieBag

All groups using tool Contopee

ChangedNameCountryObserved

APT groups

 Lazarus Group, Hidden Cobra, Labyrinth ChollimaNorth Korea2007-Sep 2024 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]