IOC pivot
ioc · name
RedLeaves
CN · China
APT10
confidence · high
RedLeaves is a custom RAT first publicly associated with APT10 / menuPass in PwC and BAE Systems' Operation Cloud Hopper report. The Cloud Hopper IOC annex enumerates RedLeaves implant paths such as `C:\windows\system32\RedLeaves.exe` on victim hosts.
- family: RedLeaves
- first seen: Apr 4, 2017
- publisher: PwC UK / BAE Systems