“performs environment validation checks to ensure it is not executed in VMs, sandboxes, or analysis environments. For that, it checks for debuggers, specific virtualization artifacts, and behavioral and environmental characteristics. Once active, the backdoor enables shell command…”
T1572 Protocol Tunneling (59%)
“are blocked, and uses public tunneling for covert and resilient communication that blends with legitimate traffic.” Additionally, the combination of multi-layer persistence, advanced defense evasion (AMSI/ETW patching, ntdll unhooking), and in-memory stealth techniques a…”
T1059.006 Python (40%)
“Sophisticated DEEP#DOOR backdoor enables espionage, disruption. A newly identified stealthy Python-based backdoor framework provides attackers with persistent remote command execution and surveillance capabilities on Windows computers, Securonix reports. The malware's infect…”
T1055.001 Dynamic-link Library Injection (37%)
“Sophisticated DEEP#DOOR backdoor enables espionage, disruption. A newly identified stealthy Python-based backdoor framework provides attackers with persistent remote command execution and surveillance capabilities on Windows computers, Securonix reports. The malware's infect…”
T1497.001 System Checks (36%)
“performs environment validation checks to ensure it is not executed in VMs, sandboxes, or analysis environments. For that, it checks for debuggers, specific virtualization artifacts, and behavioral and environmental characteristics. Once active, the backdoor enables shell command…”
T1584.002 DNS Server (31%)
“are blocked, and uses public tunneling for covert and resilient communication that blends with legitimate traffic.” Additionally, the combination of multi-layer persistence, advanced defense evasion (AMSI/ETW patching, ntdll unhooking), and in-memory stealth techniques a…”
Summary
The stealthy Python-based backdoor framework deploys a persistent Windows implant likely designed for espionage.