ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool WispRider

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: WispRider

NamesWispRider
CategoryMalware
TypeBackdoor
Description(Check Point) WispRider is a side-loaded DLL which contains both the USB infector component and the backdoor itself. It first creates a mutex to ensure there is a single instance running and checks that the executable that side-loaded it was executed with the proper argument. Next, it searches for a configuration file by first identifying a currently running directory from which the executable runs, and then recursively scanning from that directory to check each file as a potential config file candidate.
Information<https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/>

Last change to this tool card: 23 June 2023

Download this tool card in JSON format

Previous: WINTERLOVE
Next: WinZip

All groups using tool WispRider

ChangedNameCountryObserved

APT groups

XMustang Panda, Bronze PresidentChina2012-Mar 2024 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]