2020-03-12 by Check Point Research from Check Point
2020 by SecureWorks from Secureworks
2020 by SecureWorks from Secureworks
2017-05-31 by MITRE ATT&CK from MITRE
2015-10-17 by Florian Roth from BSK Consulting
2015-02-06 by CrowdStrike from CrowdStrike
2012-10-23 by Nart Villeneuve from Trend Micro
Tool: Enfal
Names: Enfal, Lurid
Description: (Trend Micro) The Lurid Downloader, often referred to as Enfal, is a well-known malware family. It is, however, not created with a publicly available toolkit that can be purchased by any aspiring cybercriminal. This malware family has, in the past, been used to target both the U.S. government and nongovernmental organizations (NGOs). However, there appear to be no direct links between this particular network and previous ones.
Category: Malware
Type: Downloader
Information: https://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-exposes-lurid-apt/
Information: https://www.bsk-consulting.de/2015/10/17/how-to-write-simple-but-sound-yara-rules-part-2/
Information: https://researchcenter.paloaltonetworks.com/2015/05/cmstar-downloader-lurid-and-enfals-new-cousin/
Mitre-attack: https://attack.mitre.org/software/S0010/
Malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/win.enfal
Alienvault-otx: https://otx.alienvault.com/browse/pulses?q=tag:enfal
Last-card-change: 2020-05-13
Source: https://apt.etda.or.th/cgi-bin/listtools.cgi