Cranefly: Threat Actor Uses Previously Unseen Techniques and Tools in Stealthy Campaign

Symantec researchers have discovered a novel technique of reading commands from IIS logs to install backdoors and other tools in a stealthy campaign against large companies and high-profile technology firms in the US.

REFERENCE: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cranefly-new-tools-technique-geppei-danfuan

TAGS: Cranefly, ReGeorg

ADVERSARY: UNC3524

MALWARE FAMILY: ReGeorg

ATT&CK IDS: T1566 - Phishing, T1102 - Web Service, T1562 - Impair Defenses, T1572 - Protocol Tunneling

Read More:

https://otx.alienvault.com/pulse/635bd1b0ded1137e0bfd9f3b