Final1stspy

Malware Profile Updated 3 months ago
Final1stspy is a previously unreported malware family, discovered and named after a PDB string found in the malware. It is closely related to the NOKKI and DOGCALL malware families and serves as a deployment mechanism for DOGCALL. The malware consists of an executable and a DLL, and begins its operation by searching for a specific file. Once on a system, it can disrupt operations, steal personal information, or hold data hostage.

Final1stspy reads a %APPDATA%/Microsoft/olevnc.ini file containing variables such as the user-agent, URL, port, and interval counts, then reads and parses a previously written mib.dat file. It was also observed making HTTP requests, indicating active communication with external servers. Its activity can be tracked via the KONNI, NOKKI, Final1stspy, DOGCALL, and Reaper tags on AutoFocus.

Final1stspy is a new addition to the growing list of malicious software threats; its association with the known NOKKI and DOGCALL families points to a network of interconnected threats. Users are advised to exercise caution when downloading files or visiting websites to avoid unknowingly installing such malware. Monitoring platforms like AutoFocus are valuable resources for tracking these threats and understanding their behaviour.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
NOKKI | 1 | NOKKI is a malicious software (malware) that was first identified in January 2018, with activities traced throughout the year. It originated from an investigation into a new malware family named NOKKI, which showed significant code overlap and other ties to KONNI, a previously identified malware. Th
DOGCALL | 1 | Dogcall, also known as ROKRAT, is a remote access Trojan (RAT) malware first reported by Talos in April 2017. It has consistently been attributed to the Advanced Persistent Threat (APT37) group, also known as Reaper. The malware uses third-party hosting services for data upload and command acceptanc
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
ID | Type | Votes | Profile Description
KONNI | Unspecified | 1 | Konni is a malware, short for malicious software, that poses a significant threat to computer systems and data. It's designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Konni can wreak havoc by stealin
Associated Threat Actors
ID | Type | Votes | Profile Description
Reaper | Unspecified | 1 | Reaper, also known as APT37, Inky Squid, RedEyes, or ScarCruft, is a threat actor group attributed to North Korea. It deploys ROKRAT, a malicious tool that has been used in cyber exploitation since the 1970s. This group is also tied to the NOKKI malware family, which originated from research surroun
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Final1stspy malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT