TiltedTemple

Also known as: DEV-0322 · Circle Typhoon · TiltedTemple

Origin: CN
Known aliases: 3

Profile

One of the group's notable tools is SockDetour, a custom backdoor that operates filelessly and socketlessly on compromised Windows servers. The group's activities have been linked to the exploitation of vulnerabilities in Zoho ManageEngine ADSelfService Plus and ServiceDesk Plus.

Aliases · 3

DEV-0322 · Circle Typhoon · TiltedTemple

References

  1. https://unit42.paloaltonetworks.com/sockdetour/
  2. https://blog.fox-it.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/
  3. https://www.microsoft.com/en-us/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: Scarred Manticore
Software: Socksbot
Actor: Denim Tsunami
Actor: BackdoorDiplomacy
Actor: TunnelSnake
Actor: UTA0218

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.