Names | Contopee WHITEOUT | |
Category | Malware | |
Type | Backdoor | |
Description | (SecurityWeek) Aside from commonalities in the tools used to spread WannaCry, there are also a number of links between WannaCry itself and Lazarus. The ransomware shares some code with Backdoor.Contopee, malware that has previously been linked to Lazarus. One variant of Contopee uses a custom SSL implementation, with an identical cipher suite, which is also used by WannaCry. The cipher suite in both samples has the same set of 75 different ciphers to choose from (as opposed to OpenSSL where there are over 300). | |
Information | <https://www.securityweek.com/wannacry-highly-likely-work-north-korean-linked-hackers-symantec-says> | |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.contopee> |
Last change to this tool card: 23 April 2020
Download this tool card in JSON format
Previous: Conti
Next: CookieBag
Changed | Name | Country | Observed | ||
APT groups | |||||
Lazarus Group, Hidden Cobra, Labyrinth Chollima | 2007-Sep 2024 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |