SYMBOLCOMMON_NAMEaka. SYNONYMS
win.downpaper (Back to overview)

DownPaper

Actor(s): Charming Kitten


DownPaper, sometimes delivered as sami.exe, is a Backdoor trojan. Its main functionality is to download
and run a second stage. This malware has been observed in campaigns involving Charming Kitten, an Iranian cyberespionage group.

References
2022-06-20Infinitum ITinfinitum IT
@online{it:20220620:charming:b356ff2, author = {infinitum IT}, title = {{Charming Kitten (APT35)}}, date = {2022-06-20}, organization = {Infinitum IT}, url = {https://www.infinitumit.com.tr/apt-35/}, language = {Turkish}, urldate = {2022-06-22} } Charming Kitten (APT35)
LaZagne DownPaper MimiKatz pupy
2017-12-05ClearSky Research Team
@online{team:20171205:charming:064ca51, author = {ClearSky Research Team}, title = {{Charming Kitten: Iranian Cyber Espionage Against Human Rights Activists, Academic Researchers and Media Outlets}}, date = {2017-12-05}, url = {http://www.clearskysec.com/charmingkitten/}, language = {English}, urldate = {2019-12-17} } Charming Kitten: Iranian Cyber Espionage Against Human Rights Activists, Academic Researchers and Media Outlets
DownPaper
2017-12ClearSkyClearSky Research Team
@techreport{team:201712:charming:49a8e0c, author = {ClearSky Research Team}, title = {{Charming Kitten}}, date = {2017-12}, institution = {ClearSky}, url = {https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf}, language = {English}, urldate = {2019-12-04} } Charming Kitten
DownPaper Charming Kitten

There is no Yara-Signature yet.