top of page

Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East

The Witchetty espionage group (aka LookingFrog) has been progressively updating its toolset, using new malware in attacks on targets in the Middle East and Africa. Among the new tools being used by the group is a backdoor Trojan (Backdoor.Stegmap) that employs steganography, a rarely seen technique where malicious code is hidden within an image.

ADVERSARY: Witchetty


ATT&CK IDS: T1027 - Obfuscated Files or Information, T1505 - Server Software Component, T1003 - OS Credential Dumping, T1059 - Command and Scripting Interpreter, T1218 - Signed Binary Proxy Execution, T1112 - Modify Registry

Read More:

1 view
bottom of page