Witchetty

Also known as: LookingFrog · Witchetty

Origin: CN
Known aliases: 2

Profile

Witchetty was first documented in April 2022 by ESET, which concluded that it was one of three sub-groups of TA410, a broad cyber-espionage operation with some links to the Cicada group (aka APT10). Witchetty's activity was characterized by the use of two pieces of malware: a first-stage backdoor known as X4 and a second-stage payload known as LookBack. ESET reported that the group had targeted governments, diplomatic missions, charities, and industrial/manufacturing organizations.

Aliases · 2

LookingFrog · Witchetty

References

  1. https://www.rewterz.com/rewterz-news/rewterz-threat-alert-witchetty-apt-group-active-iocs
  2. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/witchetty-steganography-espionage
  3. https://www.welivesecurity.com/2022/04/27/lookback-ta410-umbrella-cyberespionage-ttps-activity/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: WIRTE
Actor: APT41
Group: EXOTIC LILY
Actor: TA402
Software: WhisperGate
Group: PittyTiger

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.