Red Leaves malware analysis
Abstract
This technical note discusses a relatively undocumented implant used by the APT10 group. This is named “Red Leaves” after strings found in the malware. The sample discussed was found during an incident response engagement in March 2017. The earliest evidence obtained shows it has been in use since at least November 2016.
Type
Publication
By NCC Group
David Cannings
Cyber Security
My interests include computer security, digital electronics and writing tools to help analysis of cyber attacks.