ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool IMAPLoader

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: IMAPLoader

NamesIMAPLoader
CategoryMalware
TypeReconnaissance, Backdoor, Downloader
Description(PWC) IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a downloader for further payloads. It uses email as a C2 channel and is able to execute payloads extracted from email attachments and is executed via new service deployments.
Information<https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/yellow-liderc-ships-its-scripts-delivers-imaploader-malware.html>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.imap_loader>

Last change to this tool card: 17 January 2024

Download this tool card in JSON format

Previous: IHEATE
Next: Imecab

All groups using tool IMAPLoader

ChangedNameCountryObserved

APT groups

 Tortoiseshell, Imperial KittenIran2018-Oct 2023X

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]