A Dive into Latest Campaign

216.73.217.22

A Dive into Latest Campaign

· Published 09/08/2024 20:15 · Modified 09/08/2024 20:47

Essential information

Published: 09/08/2024 20:15
Modified: 09/08/2024 20:47
Tags: 2024-08-09 apt backdoor cobalt strike cybercrime espionage godzilla loader megacmd rakshasa sneakcross stealthreacher stealthvector tailscale
Related entities: 30 observables, 1 intrusion sets (apt), 15 techniques (mitre), 8 malware, 12 others

Description

Earth Baku, an advanced persistent threat actor, has broadened its operations from the Indo-Pacific region to Europe, the Middle East, and Africa, targeting countries like Italy, Germany, UAE, and Qatar. The group leverages public-facing applications like IIS servers as entry points, deploying sophisticated malware toolsets such as the Godzilla webshell, StealthVector, StealthReacher, and SneakCross. StealthVector and StealthReacher are customized loaders that stealthily launch backdoor components, while SneakCross is a modular backdoor utilizing Google services for command-and-control activities. During post-exploitation, Earth Baku employs tools like a customized iox tool, Rakshasa, and Tailscale for persistence, along with MEGAcmd for data exfiltration.

Related entities

External references

https://otx.alienvault.com/pulse/66b678f3c0df45d0d4599f59