APT41 Using New Speculoos Backdoor to Target Organizations Globally
Common Information
Type Value
UUID 16a4c203-6c9d-4829-9d75-95ea9abf805a
Fingerprint 843899110f1e1b91
Analysis status DONE
Considered CTI value 2
Text language
Published April 14, 2020, 12:45 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline APT41 Using New Speculoos Backdoor to Target Organizations Globally
Title APT41 Using New Speculoos Backdoor to Target Organizations Globally
Detected Hints/Tags/Attributes 75/2/15
Attributes
Details Type #Events CTI Value
Details CVE 161
cve-2019-19781
Details Threat Actor Identifier - APT 522
APT41
Details Url 1
ftp://test:[redacted]@66.42.98.220