216.73.216.89

EAGERBEE, with updated and novel components, targets the Middle East

· Published 06/01/2025 21:27 · Modified 06/01/2025 21:39

Export JSON

Essential information

Published
06/01/2025 21:27
Modified
06/01/2025 21:39
Tags
2025-01-06 coughingdown dllloader1x64.dll powershell proxylogon ssl
Related entities
8 observables, 1 intrusion sets (apt), 14 techniques (mitre), 1 malware

Description

The EAGERBEE backdoor, deployed at ISPs and governmental entities in the Middle East, has been analyzed to reveal new components and capabilities. The malware uses a novel service injector to inject the backdoor into running services, and employs several plugins for various malicious activities. The initial infection vector remains unclear, but some organizations were breached via the vulnerability. The analysis uncovered potential links between EAGERBEE and the threat group, including code similarities and overlapping command and control infrastructure. The malware's memory-resident architecture and ability to inject code into legitimate processes enhance its stealth capabilities, making detection challenging.

External references