vbs.cageychameleon

CageyChameleon

aka: Cabbage RAT

CageyChameleon is a VBS-based backdoor that can enumerate running processes and check for the presence of several antivirus products. It collects user and host information, information about the system's current processes, etc. The collected information is sent back to the C2 server, and the malware continues to initiate requests to perform subsequent operations.

References
2023-01-25 | Proofpoint | Greg Lesnewich, Proofpoint Threat Research Team
@online{lesnewich:20230125:ta444:ae76e7b, author = {Greg Lesnewich and Proofpoint Threat Research Team}, title = {{TA444: The APT Startup Aimed at Acquisition (of Your Funds)}}, date = {2023-01-25}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds}, language = {English}, urldate = {2023-01-25} } TA444: The APT Startup Aimed at Acquisition (of Your Funds)
CageyChameleon
2021-05 | ClearSky | ClearSky
@techreport{clearsky:202105:attributing:67fb261, author = {ClearSky}, title = {{Attributing Attacks Against Crypto Exchanges to LAZARUS – North Korea}}, date = {2021-05}, institution = {ClearSky}, url = {https://www.clearskysec.com/wp-content/uploads/2021/05/CryptoCore-Lazarus-Clearsky.pdf}, language = {English}, urldate = {2021-06-09} } Attributing Attacks Against Crypto Exchanges to LAZARUS – North Korea
CageyChameleon
2020-10-03 | VB Localhost | Takai Hajime, Shogo Hayashi, Rintaro Koike
@online{hajime:20201003:unveiling:826bb2b, author = {Takai Hajime and Shogo Hayashi and Rintaro Koike}, title = {{Unveiling the CryptoMimic}}, date = {2020-10-03}, organization = {VB Localhost}, url = {https://vb2020.vblocalhost.com/conference/presentations/unveiling-the-cryptomimic/}, language = {English}, urldate = {2021-06-08} } Unveiling the CryptoMimic
CageyChameleon
2020-06-26 | Atlas Cybersecurity | Atlas Cybersecurity
@online{cybersecurity:20200626:cryptocore:19a42eb, author = {Atlas Cybersecurity}, title = {{CryptoCore – Cryptocurrency Exchanges Under Attack}}, date = {2020-06-26}, organization = {Atlas Cybersecurity}, url = {https://atlas-cybersecurity.com/cyber-threats/cryptocore-cryptocurrency-exchanges-under-attack/}, language = {English}, urldate = {2021-06-08} } CryptoCore – Cryptocurrency Exchanges Under Attack
CageyChameleon
2020-06-24 | ClearSky | ClearSky Research Team
@techreport{team:20200624:cryptocore:c9dde67, author = {ClearSky Research Team}, title = {{CryptoCore: A Threat Actor Targeting Cryptocurrency Exchanges}}, date = {2020-06-24}, institution = {ClearSky}, url = {https://www.clearskysec.com/wp-content/uploads/2020/06/CryptoCore_Group.pdf}, language = {English}, urldate = {2021-06-09} } CryptoCore: A Threat Actor Targeting Cryptocurrency Exchanges
CageyChameleon
2020-06-24 | ClearSky | ClearSky Research Team
@online{team:20200624:cryptocore:16e4ad2, author = {ClearSky Research Team}, title = {{CryptoCore Group : A Threat Actor Targeting Cryptocurrency Exchanges}}, date = {2020-06-24}, organization = {ClearSky}, url = {https://www.clearskysec.com/cryptocore-group/}, language = {English}, urldate = {2021-06-21} } CryptoCore Group : A Threat Actor Targeting Cryptocurrency Exchanges
CageyChameleon
2020-05-06 | Cyber Struggle | Cyber Struggle
@techreport{struggle:20200506:leery:ec06996, author = {Cyber Struggle}, title = {{Leery Turtle Threat Report}}, date = {2020-05-06}, institution = {Cyber Struggle}, url = {https://cyberstruggle.org/delta/LeeryTurtleThreatReport_05_20.pdf}, language = {English}, urldate = {2021-06-09} } Leery Turtle Threat Report
CageyChameleon
2019-03-14 | Proofpoint | Proofpoint
@online{proofpoint:20190314:daily:859e554, author = {Proofpoint}, title = {{Daily Ruleset Update Summary 2019/03/14}}, date = {2019-03-14}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/daily-ruleset-update-summary-20190314}, language = {English}, urldate = {2021-06-08} } Daily Ruleset Update Summary 2019/03/14
CageyChameleon

There is no Yara-Signature yet.