BADFLICK

Malware Profile Updated 3 months ago
BADFLICK is a backdoor used by APT40 (also tracked as TEMP.Periscope), a Chinese cyber espionage group. It is capable of modifying the file system, generating a reverse shell, and modifying its own command-and-control configuration. BADFLICK is observed alongside other APT40 tooling rather than being delivered by it: HOMEFRY, a 64-bit Windows password dumper/cracker, is a post-compromise credential theft utility that has been used in conjunction with the AIRBREAK and BADFLICK backdoors. APT40 has also used the PHOTO backdoor (also known as Derusbi, a commercially available backdoor), the CHINA CHOPPER web shell, and MURKYTOP, a command-line reconnaissance tool used to gather information about compromised systems. Historical indicators show that APT40 has relied on these tools and techniques for several years; for example, the file green.ddd, associated with AIRBREAK, has appeared in earlier APT40 intrusions. The combination of a custom backdoor like BADFLICK with purpose-built credential theft and reconnaissance tools is characteristic of the group's post-compromise activity.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.

Derusbi (votes: 1)
Derusbi is a malware family able to target both Linux and Windows systems. It has been predominantly associated with Chinese cyber espionage operations since 2008. The malware primarily functions as a tool
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
China
Windows
Beacon
Reconnaissance
Associated Malware

China Chopper (type: unspecified, votes: 1)
China Chopper is a widely used web shell that has been deployed by multiple Advanced Persistent Threat (APT) groups, notably BRONZE UNION. It has been found on SharePoint servers under file names such as stylecs.aspx, test.aspx, and stylecss.aspx. It is believed to be associated

HOMEFRY (type: unspecified, votes: 1)
Homefry is a 64-bit Windows password dumper/cracker that has been used in conjunction with the AIRBREAK and BADFLICK backdoors by APT40, a Chinese state-sponsored cyber espionage group. Malware is software designed to exploit or damage a computer or device. It can infect a system thro

MURKYTOP (type: unspecified, votes: 1)
Murkytop is primarily a command-line reconnaissance tool. It can also be used for lateral movement, which makes it a potent threat on any system it reaches. Malware is designed to exploit or damage computer or device systems, often without the user's knowledge. Murkytop, in pa

Airbreak (type: unspecified, votes: 1)
Airbreak is a backdoor used by the Advanced Persistent Threat group APT40, known for its cyber-espionage campaigns. This JavaScript-based backdoor retrieves commands from hidden strings in compromised webpages and from actor-controlled profiles on legitimate services
Associated Threat Actors

APT40 (type: unspecified, votes: 1)
APT40, a Chinese cyber espionage group suspected to be linked to the People's Republic of China (PRC) Ministry of State Security, has been identified as a significant threat actor. The group typically targets countries strategically important to China's Belt and Road Initiative. Over the years, APT4
Associated Vulnerabilities
No associations to display
Source Document References
Information about the BADFLICK malware was read from the document corpus below.

Source: MITRE (a year ago)
Title: Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries | Mandiant

Source: MITRE (a year ago)
Title: APT40: Examining a China-Nexus Espionage Actor | Mandiant