SYMBOLCOMMON_NAMEaka. SYNONYMS
win.highnoon (Back to overview)

HIGHNOON

Actor(s): APT41, Aurora Panda


According to FireEye, HIGHNOON is a backdoor that may consist of multiple components. The components may include a loader, a DLL, and a rootkit. Both the loader and the DLL may be dropped together, but the rootkit may be embedded in the DLL. The HIGHNOON loader may be designed to run as a Windows service.

References
2019-08-19FireEyeAlex Pennino, Matt Bromiley
@online{pennino:20190819:game:b6ef5a0, author = {Alex Pennino and Matt Bromiley}, title = {{GAME OVER: Detecting and Stopping an APT41 Operation}}, date = {2019-08-19}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2019/08/game-over-detecting-and-stopping-an-apt41-operation.html}, language = {English}, urldate = {2020-01-06} } GAME OVER: Detecting and Stopping an APT41 Operation
ACEHASH CHINACHOPPER HIGHNOON
2019-08-09FireEyeFireEye
@online{fireeye:20190809:double:40f736e, author = {FireEye}, title = {{Double Dragon APT41, a dual espionage and cyber crime operation}}, date = {2019-08-09}, organization = {FireEye}, url = {https://content.fireeye.com/apt-41/rpt-apt41/}, language = {English}, urldate = {2019-12-18} } Double Dragon APT41, a dual espionage and cyber crime operation
CLASSFON crackshot CROSSWALK GEARSHIFT HIGHNOON HIGHNOON.BIN JUMPALL poisonplug Winnti
2019-08-08Twitter (@MrDanPerez)Dan Perez
@online{perez:20190808:winnti:6c0b6b0, author = {Dan Perez}, title = {{Tweet on Winnti and HIGHNOON}}, date = {2019-08-08}, organization = {Twitter (@MrDanPerez)}, url = {https://twitter.com/MrDanPerez/status/1159461995013378048}, language = {English}, urldate = {2020-01-13} } Tweet on Winnti and HIGHNOON
HIGHNOON

There is no Yara-Signature yet.