Emissary

Malware Profile Updated 24 days ago
Emissary is a Trojan that reaches victims through suspicious downloads, emails, or websites and installs without the user's knowledge. Once on a system it provides backdoor access, letting threat actors disrupt operations, steal personal information, or hold data hostage for ransom.

The Trojan runs within the Internet Explorer process and communicates with a command and control (C2) server by sending network beacons. The C2 server replies with commands encoded as a three-digit numeric string, which Emissary decrypts and compares against the list of commands in its command handler. That handler supports six commands, which is enough to give the operator broad control over the compromised host.

Emissary is related to the Elise malware used in Operation Lotus Blossom, an attack campaign against targets in Southeast Asia. One distinguishing detail is the seed value used in its payload algorithm: Emissary uses a seed of 1024, whereas Elise uses 2012. In one observed instance, threat actors attempted to exploit CVE-2014-6332 to install a new version of the Trojan, version 5.3.

The Trojan is associated with the EMISSARY PANDA threat group, identified as originating from China. In testing conducted by SE Labs, Emissary's tactics, techniques, and procedures (TTPs) were emulated alongside those of other adversary groups: Russia-nexus Turla, North Korea-nexus Kimsuky, and another China-nexus group, Ke3chang.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Emissary malware was read from the document corpus below (display limited to 20 results).

Source (created): Title
MITRE (a year ago): Attack on French Diplomat Linked to Operation Lotus Blossom
MITRE (a year ago): Emissary Panda Attacks Middle East Government SharePoint Servers
MITRE (a year ago): Newly discovered Chinese hacking group hacked 100+ websites to use as "watering holes"
CERT-EU (a year ago): FBI: Crooks posing as PRC agents prey on Chinese in the US
CERT-EU (10 months ago): Links 18/07/2023: Akademy 2023 Videos and Debian Brainwashing
CrowdStrike (10 months ago): CrowdStrike Scores 100% in SE Labs 2023 Q2 EAS Test | CrowdStrike
CERT-EU (6 months ago): Cybersecurity, ICT and Media Policies | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting