Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 02:08:51 UTC
Home > List all groups > List all tools > List all groups using tool HOPLIGHT
 Tool: HOPLIGHT
Names
HOPLIGHT
HANGMAN
Category Malware
Type Tunneling
Description
(US-CERT) This report provides analysis of twenty malicious executable files. Sixteen
of these files are proxy applications that mask traffic between the malware and the
remote operators. The proxies have the ability to generate fake TLS handshake sessions
using valid public SSL certificates, disguising network connections with remote
malicious actors. One file contains a public SSL certificate and the payload of the file
appears to be encoded with a password or key. The remaining file does not contain any
of the public SSL certificates, but attempts outbound connections and drops four files.
The dropped files primarily contain IP addresses and SSL certificates.
Information
MITRE ATT&CK Malpedia AlienVault OTX Last change to this tool card: 13 May 2020
Download this tool card in JSON format
All groups using tool HOPLIGHT
Changed Name Country Observed
APT groups
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a2a00578-4e93-4833-acbc-25ace6e45504
Page 1 of 2

Lazarus Group, Hidden Cobra, Labyrinth Chollima 2007-May 2025
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a2a00578-4e93-4833-acbc-25ace6e45504
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a2a00578-4e93-4833-acbc-25ace6e45504
Page 2 of 2