REDLEAVES (179f7228-6fcf-4664-a084-57bd296d0cde)
The REDLEAVES implant consists of three parts: an executable, a loader, and the implant shellcode. The REDLEAVES implant is a remote administration Trojan (RAT) that is built in Visual C++ and makes heavy use of thread generation during its execution. The implant contains a number of functions typical of RATs, including system enumeration and creating a remote shell back to the C2.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| RedLeaves (a70e93a7-3578-47e1-9926-0818979ed866) | Malpedia | REDLEAVES (179f7228-6fcf-4664-a084-57bd296d0cde) | Tool | 1 |