Discover and read the best of Twitter Threads about #GoldMax

Most recents (1)

#GoldMax (aka #SUNSHUTTLE) is a new and capable backdoor written in Go/Golang. It is typically used as a late-stage (e.g. 3+) backdoor brought into an environment using access enabled via #TEARDROP, #RainDrop and other related malware deployed by #NOBELIUM/UNC2452.
#GoldMax creates & maintains a config file (name unique to each implant). The config file is AES-256 encrypted (unique-to-each-implant key) & then Base64 encoded (custom alphabet, '=' replaced with null). A handy C2 command allows the operators to update certain config fields.
Read 17 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!