ETDA, Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

Tool: KOMPROGO

Splinter RAT
Type: Reconnaissance, Backdoor, Info stealer, Downloader

Description: (Cylance) Splinter arrives as an MSBuild project file containing a Base64 encoded PowerShell script generated using the MSFvenom psh-reflection module. As in the case of Remy, it utilizes on-the-fly C# compilation and strips off several PowerShell wrappers before the shellcode that calls the final payload is invoked. The backdoor itself is a Win32 PE EXE file and has the capability to collect information, download and execute payloads, run WMI queries, and manipulate files, processes, and registry entries. The overall functionality of Splinter appears pretty much in line with the “KOMPROGO” malware (as described in the FireEye APT32 report).

Last change to this tool card: 14 May 2020


All groups using tool KOMPROGO


APT groups

APT 32, OceanLotus, SeaLotus; Vietnam; 2013-Dec 2020; X

2 groups listed (2 APT, 0 other, 0 unknown)
