COINTOSS (3006e4ea-a518-48df-a3f2-4ad9c17773d2)
COINTOSS is a C/C++ downloader. It uses the Windows Management Instrumentation command-line (WMIC) utility to download the payload over FTP. COINTOSS then creates and runs a batch script to uninstall itself.

Availability: Non-public
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
APT43 (aac49b4e-74e9-49fa-84f9-e340cf8bafbc) | Threat Actor | COINTOSS (3006e4ea-a518-48df-a3f2-4ad9c17773d2) | Tool | 1 |