| SYMBOL | COMMON_NAME | aka. SYNONYMS |
In short, “Cold River” is a sophisticated threat (actor) that utilizes DNS subdomain hijacking, certificate spoofing, and covert tunneled command and control traffic in combination with complex and convincing lure documents and custom implants.
There are currently no families associated with this actor.
| 2019-01-11
⋅
Lastline
⋅
Threat Actor “Cold River”: Network Traffic Analysis and a Deep Dive on Agent Drable Cold River |