 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: HOPLIGHT| Names | HOPLIGHT HANGMAN | |
| Category | Malware | |
| Type | Tunneling | |
| Description | (US-CERT) This report provides analysis of twenty malicious executable files. Sixteen of these files are proxy applications that mask traffic between the malware and the remote operators. The proxies have the ability to generate fake TLS handshake sessions using valid public SSL certificates, disguising network connections with remote malicious actors. One file contains a public SSL certificate and the payload of the file appears to be encoded with a password or key. The remaining file does not contain any of the public SSL certificates, but attempts outbound connections and drops four files. The dropped files primarily contain IP addresses and SSL certificates. | |
| Information | <https://www.us-cert.gov/ncas/analysis-reports/ar20-045g> <https://www.computing.co.uk/ctg/news/3074007/lazarus-rises-warning-over-new-hoplight-malware-linked-with-north-korea> | |
| MITRE ATT&CK | <https://attack.mitre.org/software/S0376/> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.hoplight> | |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:HOPLIGHT> | |
Last change to this tool card: 13 May 2020
Download this tool card in JSON format
Previous: HOOKSHOT
Next: HopperTick
| Changed | Name | Country | Observed | ||
APT groups | |||||
| Lazarus Group, Hidden Cobra, Labyrinth Chollima |  | 2007-Feb 2024  |  | ||
1 group listed (1 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |