| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Between November 26, 2015, and December 1, 2015, known and suspected China-based APT groups launched several spear-phishing attacks targeting Japanese and Taiwanese organizations in the high-tech, government services, media and financial services industries. Each campaign delivered a malicious Microsoft Word document exploiting the aforementioned EPS dict copy use-after-free vulnerability, and the local Windows privilege escalation vulnerability CVE-2015-1701. The successful exploitation of both vulnerabilities led to the delivery of either a downloader that we refer to as IRONHALO, or a backdoor that we refer to as ELMER.
| 2022-08-04
⋅
Mandiant
⋅
Advanced Persistent Threats (APTs) APT1 APT10 APT12 APT14 APT15 APT16 APT17 APT18 APT19 APT2 APT20 APT21 APT22 APT23 APT24 APT27 APT3 APT30 APT31 APT4 APT40 APT5 APT9 Naikon |
| 2019-12-12
⋅
FireEye
⋅
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD POISONPLUG TrickBot BlackTech |
| 2019-01-01
⋅
Council on Foreign Relations
⋅
APT 16 APT16 |
| 2017-05-31
⋅
MITRE
⋅
APT16 ELMER APT16 |
| 2016-05-25
⋅
Kaspersky Labs
⋅
CVE-2015-2545: overview of current threats APT16 Danti |
| 2015-12-21
⋅
Symantec
⋅
Downloader.Ironhalo IRONHALO |
| 2015-12-21
⋅
FireEye
⋅
The EPS Awakens - Part 2 ELMER IRONHALO EvilPost |
| 2015-12-16
⋅
FireEye
⋅
The EPS Awakens IRONHALO APT16 |