The Witchetty espionage group (aka LookingFrog) has been progressively updating its toolset, using new malware in attacks on targets in the Middle East and Africa. Among the new tools being used by the group is a backdoor Trojan (Backdoor.Stegmap) that employs steganography, a rarely seen technique where malicious code is hidden within an image.
ADVERSARY: Witchetty
INDUSTRIES: Manufacturing, Industrial, Diplomatic, Government
MALWARE FAMILY: LookBack
ATT&CK IDS: T1027 - Obfuscated Files or Information, T1505 - Server Software Component, T1003 - OS Credential Dumping, T1059 - Command and Scripting Interpreter, T1218 - Signed Binary Proxy Execution, T1112 - Modify Registry
Read More:
Commenti