Palo Alto Networks

enfal

Cmstar Downloader: Lurid and Enfal's New Cousin

In recent weeks, Unit 42 has been analyzing delivery documents used in spear-phishing attacks that drop a custom downloader used in cyber espionage attacks. This specific downloader, Cmstar, is associated with the Lurid downloader also known as ‘Enfal’. Cmstar was named for the log message ‘CM**’ used by the downloader.

Unit 42 is aware of threat actors using two toolkits - MNKit and the Tran Duy Linh toolkit - to produce malicious documents that exploit CVE-2012-0158...

Malware
Threat Prevention
Unit 42
May 18, 2015
By 

Palo Alto Networks

Announcements
Company & Culture
Points of View
Public Sector
Products and Services
Partners

Subscribe to Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.

Get the latest news, invites to events, and threat alerts

Popular Resources

Legal Notices

Popular Links