STARSYPOUND is a malware family/backdoor referenced in Mandiant’s APT1 reporting and subsequent imphash-based malware clustering. In the provided content, it is identified as one of the backdoor families used for tracking related malware samples associated with the APT1 threat group. The content does not describe STARSYPOUND’s specific functionality, infection vector, or targeted industries/systems beyond its inclusion in the APT1 malware corpus. High-confidence details directly stated are that Mandiant listed STARSYPOUND with imphash 959711e93a68941639fd8b7fba3ca28f, 62 imports, and 31 matched samples in analysis of 356 malware samples from the February 2013 APT1 report. The content further states that imphash pivoting was used to identify additional related samples later assessed as belonging to the same malware families and attributable to the same threat group, but it cautions that imphash alone is not definitive for attribution. No additional STARSYPOUND-specific indicators of compromise are provided beyond the imphash value 959711e93a68941639fd8b7fba3ca28f.
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
2 sources tracked across advisories and community write-ups. News coverage will land here when it surfaces.
No news coverage yet. Advisories and community discussion only.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.