Names | UNAPIMON | |
Category | Malware | |
Type | Loader | |
Description | (Trend Micro) Looking at the behavior of UNAPIMON and how it was used in the attack, we can infer that its primary purpose is to unhook critical API functions in any child process. For environments that implement API monitoring through hooking such as sandboxing systems, UNAPIMON will prevent child processes from being monitored. Thus, this malware can allow any malicious child process to be executed with its behavior undetected. | |
Information | <https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html> |
Last change to this tool card: 22 April 2024
Download this tool card in JSON format
Previous: UltraVNC
Next: Underground
Changed | Name | Country | Observed | ||
APT groups | |||||
↳ Subgroup: Earth Freybug | 2012 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |