Names | Oceansalt
Category | Malware
Type | Reconnaissance, Backdoor
Description | (McAfee) Oceansalt reuses a portion of code from the Seasalt implant (circa 2010) that is linked to the Chinese hacking group Comment Crew. Oceansalt appears to be the first stage of an advanced persistent threat. The malware can send system data to a control server and execute commands on infected machines, but we do not yet know its ultimate purpose.
Information | <https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf>
MITRE ATT&CK | <https://attack.mitre.org/software/S0346/>
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.oceansalt>
Last change to this tool card: 23 April 2020
Changed | Name | Country | Observed
APT groups
Comment Crew, APT 1 | 2006-May 2018
Reaper, APT 37, Ricochet Chollima, ScarCruft | 2012-Sep 2024
2 groups listed (2 APT, 0 other, 0 unknown)