Ironhalo

Malware Profile (updated a month ago)
IronHalo is a downloader: it uses HTTP to retrieve a Base64-encoded payload from a hard-coded command-and-control (CnC) server and URL path. It typically reaches a system through the exploitation of vulnerabilities, usually without the user's knowledge. Once present, IronHalo can disrupt operations, steal personal information, or even hold data for ransom.

Successful exploitation of both the EPS vulnerability and CVE-2015-1701 has been linked to the delivery of either the IronHalo downloader or a backdoor known as Elmer. After exploitation, the exploit payload drops a 32-bit or 64-bit binary that contains an embedded IronHalo sample, giving the malware a foothold on the compromised system from which to carry out its activities.

For persistence, IronHalo copies itself to the current user's Startup folder, so it is run automatically at every system start and keeps its presence on the infected device. This continuous operation makes IronHalo a significant threat to the security and privacy of affected users and a critical cybersecurity concern.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Ironhalo malware was read from the document corpus below. This display is limited to 20 results.
Source | Created at | Title
MITRE | a year ago | The EPS Awakens - Part 2 « Threat Research