S1024Windows

S1024CreepySnail

Platforms
1
ATT&CK
14.1
References
2

Description

[CreepySnail](https://attack.mitre.org/software/S1024) is a custom PowerShell implant that has been used by [POLONIUM](https://attack.mitre.org/groups/G1005) since at least 2022.(Citation: Microsoft POLONIUM June 2022) Documented platforms: Windows. Attributed to ATT&CK group: POLONIUM. Catalogued in ATT&CK 14.1. 2 references curated.

Platforms· 1

Windows

Attributed to1

TypeTargetConfidenceTier
GroupPOLONIUMg1005100%live

References

  1. https://attack.mitre.org/software/S1024
  2. https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
CreepyDrive
Software
PowerLess
Software
Disco
Software
QUIETCANARY
Software
PingPull
Software
FunnyDream
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.