RomeoAlfa

RomeoAlfa, AlphaNC
(Type: Reconnaissance, Backdoor, Info stealer, Exfiltration)

(IBM) ALPHANC is a backdoor which is capable of the following:
• Collecting system information
• Executing command line commands
• Launching, listing, and terminating processes
• Uploading and downloading files
• Deleting files
ALPHANC appears to be a lightweight variant of Duuzer based on similarities in functionality, capability, and style of how certain tasks are performed.

[News Analysis] Trends:

Total Trend: 2

Trend Per Year
2017: 1
2020: 1

Trend Per Month
May 2017: 1
2020: 1



[News Analysis] News Mention Another Threat Name:

7 - AlphaNC
3 - Bankshot
3 - Ratankba
3 - Lazarus Group
4 - BravoNC
4 - Duuzer
4 - Sierra(Alfa, Bravo, ...)
4 - WannaCryptor


[TTP Analysis] Technique Performance:



[TTP Analysis] Mitre Attack Matrix:

TA0043 Reconnaissance
TA0042 Resource Development
TA0001 Initial Access
TA0002 Execution
TA0003 Persistence
TA0004 Privilege Escalation
TA0005 Defense Evasion
TA0006 Credential Access
TA0007 Discovery
TA0008 Lateral Movement
TA0009 Collection
TA0011 Command and Control
TA0010 Exfiltration
TA0040 Impact


[Infrastructure Analysis] Based on Related IOC:

IP:Port Timestamp
Domain Timestamp
URL Timestamp


[Target Analysis] Region/Sector:

No information


References:

News Article (Credit @Malpedia)

NICKEL GLADSTONE

2020 by SecureWorks from Secureworks

WannaCry: Ransomware attacks show strong links to Lazarus group

2017-05-22 by Symantec Security Response from Symantec

Basic Information (Credit @etda.or.th)

Tool: RomeoAlfa

Names: RomeoAlfa, AlphaNC

Description: (IBM) ALPHANC is a backdoor which is capable of the following:
• Collecting system information
• Executing command line commands
• Launching, listing, and terminating processes
• Uploading and downloading files
• Deleting files
ALPHANC appears to be a lightweight variant of Duuzer based on similarities in functionality, capability, and style of how certain tasks are performed.

Category: Malware

Type: Reconnaissance, Backdoor, Info stealer, Exfiltration

Information: https://exchange.xforce.ibmcloud.com/malware-analysis/guid:fe28057927a67466dbfc9f2ec1f8adc9

Information: https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-RAT-and-Staging-Report.pdf

Malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/win.alphanc

Last-card-change: 2020-04-23

Source: https://apt.etda.or.th/cgi-bin/listtools.cgi
