Names | WHEATSCAN
Category | Malware
Type | Vulnerability scanner
Description | (FireEye) After gaining initial access, the operators conduct credential harvesting and extensive internal network reconnaissance. This includes running native Windows commands on compromised servers, executing AdFind on the Active Directory, and scanning the internal network with numerous publicly available tools and a non-public scanner we named WHEATSCAN. The operators made a consistent effort to delete these tools and remove any residual forensic artifacts from compromised systems.
Information | <https://www.fireeye.com/blog/threat-research/2021/08/unc215-chinese-espionage-campaign-in-israel.html>
Last change to this tool card: 01 November 2021
APT groups
Changed | Name | Country | Observed
 | UNC215 | | 2019
1 group listed (1 APT, 0 other, 0 unknown)