Merdoor Malware Detection: Lancefly APT Uses a Stealthy Backdoor in Long-Running Attacks Against Organizations in South and Southeast Asia - SOC Prime
Tags
cmtmf-attack-pattern: Process Injection
maec-delivery-vectors: Watering Hole
attack-pattern: Keylogging - T1056.001 Keylogging - T1417.001 Lsass Memory - T1003.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Process Injection - T1631 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Modify Registry - T1112 Process Injection - T1055 Rootkit - T1014 Rootkit
Show in Graph
Common Information
Type Value
UUID 5a21f288-49ac-44f7-a596-0d8695f9e36f
Fingerprint b4b4418fab5d8511
Analysis status DONE
Considered CTI value 1
Text language
Published May 17, 2023, 11:26 a.m.
Added to db June 5, 2023, 11:38 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Merdoor Malware Detection: Lancefly APT Uses a Stealthy Backdoor in Long-Running Attacks Against Organizations in South and Southeast Asia
Title Merdoor Malware Detection: Lancefly APT Uses a Stealthy Backdoor in Long-Running Attacks Against Organizations in South and Southeast Asia - SOC Prime
Detected Hints/Tags/Attributes 51/3/5
Source URLs
Redirection Url
Details Source https://socprime.com/blog/merdoor-malware-detection-lancefly-apt-uses-a-stealthy-backdoor-in-long-running-attacks-against-organizations-in-south-and-southeast-asia/
URL Provider
Details Provider Source level domain
Details socprime.com socprime.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 237 SOC Prime https://socprime.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 32 
my.socprime.com
Details File 7 
perfhost.exe
Details File 1122 
svchost.exe
Details MITRE ATT&CK Techniques 550 
T1112
Details Threat Actor Identifier - APT 522 
APT41