HOMEFRY

Malware Profile Updated 24 days ago
Download STIX
Preview STIX
Homefry is a 64-bit Windows password dumper/cracker that has been used in conjunction with the AIRBREAK and BADFLICK backdoors by APT40, a Chinese state-sponsored cyber espionage group. Malware is harmful software designed to exploit and damage your computer or device. It can infect your system through suspicious downloads, emails, or websites, often without your knowledge. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. APT40 has leveraged custom credential theft utilities such as Homefry to steal passwords and other sensitive information. This malware has previously been used in conjunction with the AIRBREAK and BADFLICK backdoors. AIRBREAK is a JavaScript-based backdoor that retrieves commands from hidden strings in compromised web pages, while BADFLICK is a backdoor capable of modifying the file system, generating a reverse shell, and modifying its command-and-control configuration. Historical indicators such as file hashes show that APT40 has also used other malware such as Beacon, PHOTO (also reported as Derusbi), and MURKYTOP, a command-line reconnaissance tool. Some of these attacks have been traced back to files such as com4.js and green.ddd. As cyber threats continue to evolve, it is important for individuals and organizations to take proactive measures to protect their digital assets and stay informed about current threats like Homefry.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the HOMEFRY Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
APT40: Examining a China-Nexus Espionage Actor | Mandiant
MITRE
a year ago
Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries | Mandiant