
Cold River

aka: Nahr Elbard, Nahr el bared

In short, “Cold River” is a sophisticated threat actor that utilizes DNS subdomain hijacking, certificate spoofing, and covert tunneled command-and-control traffic in combination with complex and convincing lure documents and custom implants.


Associated Families

There are currently no families associated with this actor.


References
2019-01-11 | Lastline | Quentin Fois: Threat Actor “Cold River”: Network Traffic Analysis and a Deep Dive on Agent Drable [Cold River]

Credits: MISP Project