TTPwire Vol. 1 · MITRE ATT&CK·Tagged


The Hacker News

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

The Hacker News · 5 days ago

ATT&CK techniques detected (4 predictions)

T1056.001 Keylogging (78%)
“…used in large-scale or highly active campaigns," Gaikwad, senior security research engineer at Securonix, told The Hacker News via email. "Its observed usage appears to be limited and somewhat targeted rather than broadly distributed." "At this stage, we have not identified…”

T1059.006 Python (74%)
“New Python backdoor uses tunneling service to steal browser and cloud credentials. Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide ran…”

T1053.005 Scheduled Task (58%)
“…keys, and scheduled tasks, while also relying on a watchdog mechanism to make sure the persistence artifacts have not been removed, and if so, automatically recreate them, making remediation challenging." The resulting implant operates as a fully featured remote access trojan (…”

T1555.003 Credentials from Web Browsers (46%)
“- Web browser credential harvesting - SSH key extraction - Credentials stored in Google Chrome, Mozilla Firefox, and Windows Credential Manager - Cloud credential theft (Amazon Web Services, Google Cloud, and Microsoft Azure). The use of public TCP tunneling service for command…”

Summary

Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with execution of a batch script ('install_obf.bat') that disables Windows security controls, dynamically extracts an