Symbol: js.cactustorch

CACTUSTORCH

Actor(s): APT32, Leviathan


According to the GitHub repo, CACTUSTORCH is a JavaScript and VBScript shellcode launcher. It spawns a 32-bit version of the specified binary and injects shellcode into it.

References
2022-01-16 | forensicitguy | Tony Lambert
Analyzing a CACTUSTORCH HTA Leading to Cobalt Strike
Tags: CACTUSTORCH, Cobalt Strike

2020-09-24 | Microsoft | Ben Koehl, Joe Hannon, Microsoft Identity Security Team
Microsoft Security—detecting empires in the cloud
Tags: CACTUSTORCH, LazyCat, APT40

2020-09-23 | Seqrite | Goutam Tripathy, Kalpesh Mantri, Pawan Chaudhari
Operation SideCopy: An insight into Transparent Tribe’s sub-division which has been incorrectly attributed for years
Tags: CACTUSTORCH, AllaKore

2019-04-01 | Macnica Networks | Macnica Networks
OceanLotus Attack on Southeast Asian Automotive Industry
Tags: CACTUSTORCH, Cobalt Strike

2018-12-20 | Codercto | Codercto
Analysis of the attack activities of Hailian Lotus APT group against large domestic investment companies
Tags: CACTUSTORCH

2017-11-16 | GitHub (mdsecactivebreach) | Vincent Yiu
CACTUSTORCH: Payload Generation for Adversary Simulations
Tags: CACTUSTORCH

There is no Yara-Signature yet.