Actor(s): Lazarus Group
CLEANTOAD is a disruption tool that deletes file system artifacts, including those related to BLINDTOAD, and runs after a date obtained from a configuration file. The malware injects shellcode into notepad.exe, overwrites and deletes files, modifies registry keys, deletes services, and clears Windows event logs.
2018 ⋅ FireEye
CHEESETRAY CLEANTOAD NACHOCHEESE
There is no Yara-Signature yet.