Stormsec

Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East

The Witchetty espionage group (aka LookingFrog) has been progressively updating its toolset, using new malware in attacks on targets in the Middle East and Africa. Among the new tools being used by the group is a backdoor Trojan (Backdoor.Stegmap) that employs steganography, a rarely seen technique where malicious code is hidden within an image.




ADVERSARY: Witchetty



MALWARE FAMILY: LookBack


ATT&CK IDS: T1027 - Obfuscated Files or Information, T1505 - Server Software Component, T1003 - OS Credential Dumping, T1059 - Command and Scripting Interpreter, T1218 - Signed Binary Proxy Execution, T1112 - Modify Registry

