According to FireEye, HIGHNOON is a backdoor that may consist of multiple components. The components may include a loader, a DLL, and a rootkit. Both the loader and the DLL may be dropped together, but the rootkit may be embedded in the DLL. The HIGHNOON loader may be designed to run as a Windows service.
References:

2019-08-19 ⋅ FireEye ⋅ GAME OVER: Detecting and Stopping an APT41 Operation (families: ACEHASH, CHINACHOPPER, HIGHNOON)
2019-08-09 ⋅ FireEye ⋅ Double Dragon APT41, a dual espionage and cyber crime operation (families: CLASSFON, crackshot, CROSSWALK, GEARSHIFT, HIGHNOON, HIGHNOON.BIN, JUMPALL, poisonplug, Winnti)
2019-08-08 ⋅ Twitter (@MrDanPerez) ⋅ Tweet on Winnti and HIGHNOON
There is no YARA signature for this family yet.