win.mistpen

MISTPEN

Actor(s): UNC2970


According to Mandiant, MISTPEN is a lightweight backdoor written in C whose main functionality is to download and execute Portable Executable (PE) files. The backdoor is a modification of the open-source Notepad++ binhex plugin v2.0.0.1 where the creation of a thread that executes the malicious code has been added to the DllMain function.

References

- 2024-12-19, Kaspersky Labs, Sojun Ryu and Vasily Berdnikov: "Lazarus group evolves its infection chain with old and new malware" (MISTPEN)
- 2024-09-17, Mandiant: "An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader" (MISTPEN)

There is no YARA signature yet.