SYMBOLCOMMON_NAMEaka. SYNONYMS
win.ironnetinjector (Back to overview)

IronNetInjector

According to Mitre, IronNetInjector is a Turla toolchain that utilizes scripts from the open-source IronPython implementation of Python with a .NET injector to drop one or more payloads including ComRAT.

References
2021-02-19Palo Alto Networks Unit 42Dominik Reichel
IronNetInjector: Turla’s New Malware Loading Tool
Agent.BTZ IronNetInjector TurlaRPC

There is no Yara-Signature yet.