Common Information
| Type | Value |
|---|---|
| Value |
Witchetty |
| Category | Actor |
| Type | Threat-Actor |
| Misp Type | Cluster |
| Description | Witchetty was first documented by ESET in April 2022, who concluded that it was one of three sub-groups of TA410, a broad cyber-espionage operation with some links to the Cicada group (aka APT10). Witchetty’s activity was characterized by the use of two pieces of malware, a first-stage backdoor known as X4 and a second-stage payload known as LookBack. ESET reported that the group had targeted governments, diplomatic missions, charities, and industrial/manufacturing organizations. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2023-09-07 | 35 | My Tea's not cold. An overview of China's cyber threat | ||
| Details | Website | 2022-10-31 | 0 | Des pirates chinois cachent un logiciel malveillant dans le logo de Windows - Le décodeur de cybersécurité | ||
| Details | Website | 2022-10-09 | 1 | Le tour des actus cybersécurité | 9 oct 2022 - Le décodeur de cybersécurité | ||
| Details | Website | 2022-10-01 | 1 | Chinese Hackers Hiding Malware in Windows Logo | ||
| Details | Website | 2022-10-01 | 2 | Middle East Targeted via Steganography | IT Security News | ||
| Details | Website | 2022-10-01 | 4 | Weekly News Roundup — September 25 to October 1 | ||
| Details | Website | 2022-10-01 | 0 | Chinese APT Hacker Group Using Old Windows Logo to Hide a Backdoor Malware | IT Security News | ||
| Details | Website | 2022-10-01 | 0 | Espionage Group Wields Steganographic Backdoor Against Govs, Stock Exchange | IT Security News | ||
| Details | Website | 2022-10-01 | 3 | Symantec details an ongoing campaign by the Witchetty hacking group, potentially tied to a China-backed threat actor, that hides malware in a Windows logo image | ||
| Details | Website | 2022-09-30 | 0 | Witchetty APT used steganography in attacks against Middle East entities | IT Security News | ||
| Details | Website | 2022-09-30 | 1 | Backdoor Malware Hidden Inside Windows Logo Image | IT Security News | ||
| Details | Website | 2022-09-30 | 10 | The Good, the Bad and the Ugly in Cybersecurity - Week 40 | ||
| Details | Website | 2022-09-30 | 1 | Chinese Cyberespionage Group 'Witchetty' Updates Toolset in Recent Attacks | SecurityWeek.Com | ||
| Details | Website | 2022-09-29 | 2 | Daily Briefing for 09.29.22 | ||
| Details | Website | 2022-09-29 | 98 | Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East | ||
| Details | Website | 2022-09-29 | 6 | Hacking group hides backdoor malware inside Windows logo image | ||
| Details | Website | 2022-04-27 | 202 | A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity | WeLiveSecurity |