Between November 26, 2015, and December 1, 2015, known and suspected China-based APT groups launched several spear-phishing attacks targeting Japanese and Taiwanese organizations in the high-tech, government services, media and financial services industries. Each campaign delivered a malicious Microsoft Word document exploiting the aforementioned EPS dict copy use-after-free vulnerability, and the local Windows privilege escalation vulnerability CVE-2015-1701. The successful exploitation of both vulnerabilities led to the delivery of either a downloader that we refer to as IRONHALO, or a backdoor that we refer to as ELMER.
2021-01-25 ⋅ CYBER GEEKS All Things Infosec ⋅ A detailed analysis of ELMER Backdoor used by APT16 [ELMER]
2019-12-12 ⋅ FireEye ⋅ Cyber Threat Landscape in Japan – Revealing Threat in the Shadow [Cerberus, TSCookie, Cobalt Strike, Dtrack, Emotet, Formbook, IcedID, Icefog, IRONHALO, Loki Password Stealer (PWS), PandaBanker, PLEAD, poisonplug, TrickBot, BlackTech]
2019 ⋅ MITRE ⋅ Tool description: ELMER [ELMER]
2019 ⋅ Council on Foreign Relations ⋅ APT 16 [APT 16]
2017-05-31 ⋅ MITRE ⋅ APT16 [ELMER, APT 16]
2015-12-21 ⋅ Symantec ⋅ Downloader.Ironhalo [IRONHALO]
2015-12-21 ⋅ Symantec ⋅ Backdoor.Elmost [ELMER]
2015-12-21 ⋅ FireEye ⋅ The EPS Awakens - Part 2 [ELMER, IRONHALO, EvilPost]
2015-12-16 ⋅ FireEye ⋅ The EPS Awakens [IRONHALO, APT 16]