Ghost419

Malware updated a month ago (2024-11-29T14:10:57.505Z)
Download STIX
Preview STIX
Ghost419 is a malicious software, or malware, that first emerged in the wild on December 18, 2017. It is one of several implants, including Gold Dragon, Brave Prince, and Running Rat, which were named based on phrases found within their code. These implants appeared in December 2017 and demonstrate a much broader campaign than previously known. Ghost419 is particularly noteworthy due to its Korean-language implant and its traceability to an earlier version created on July 29, 2017, without the hardcoded identifier. The malware Ghost419 shares significant similarities with the Gold Dragon and Brave Prince implants, indicating that it was based on these predecessors. Shared elements and code, especially for system reconnaissance functions, are evident across these malware variants. The string "WebKitFormBoundarywhpFxMBe19cSjFnG," part of the upload mechanism, also appears in the Gold Dragon variants from late December 2017, further highlighting the interconnected nature of these malicious programs. Ghost419 has been found hardcoded in the malware binary, suggesting that it's deeply embedded within the system it infects. Its user agent string, another unique identifier, has also been noted. The most recent sample of Ghost419 was discovered just two days before the spear phishing email incident related to the Olympics, implying that this malware may be used in conjunction with other cyber threats to exploit and damage computer systems.
Description last updated: 2024-05-05T02:22:05.484Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Ghost419 Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more