Software: Flame, Flamer, sKyWIper

ID: S0143
Aliases: Flame, Flamer, sKyWIper
Type: Malware
Platform: Windows

Flame is a sophisticated toolkit that has been used to collect information since at least 2010, largely targeting Middle East countries.[1]

Alias Descriptions

  • Flame - [1]
  • Flamer - [1][2]
  • sKyWIper - [1][3]

Techniques Used

  • Exfiltration Over Other Network Medium - Flame has a module named BeetleJuice that contains Bluetooth functionality that may be used in different ways, including transmitting encoded information from the infected system over the Bluetooth protocol, acting as a Bluetooth beacon, and identifying other Bluetooth devices in the vicinity.[2]
  • Rundll32 - Rundll32.exe is used to execute Flame from the command line.[3]
  • Create Account - Flame's Limbo module can create backdoor accounts with the login "HelpAssistant".[4]
  • Screen Capture - Flame can take regular screenshots when certain applications are open; the screenshots are sent to the command and control server.[1]