PENCILDOWN (aa4ba5b8-1dbc-47ac-9645-653f6e421721)
PENCILDOWN is a Windows-based downloader written in C/C++. It collects basic system information and sends it to the C2 server before receiving the next stage. Depending on a flag in the response, the next stage is then either loaded in memory or executed directly.

Availability: Non-public
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
APT43 (aac49b4e-74e9-49fa-84f9-e340cf8bafbc) | Threat Actor | PENCILDOWN (aa4ba5b8-1dbc-47ac-9645-653f6e421721) | Tool | 1 |