SPAWNMOLE

SPAWNMOLESPAWNMOLE

Description

SPAWNMOLE is a tunneler that injects into the web process. It hijacks the accept function in the web process to monitor traffic and filter out malicious traffic originating from the attacker. The remainder of the benign traffic is passed unmodified to the legitimate web server functions. The malicious traffic is tunneled to a host provided by an attacker in the buffer. Mandiant assesses the attacker would most likely pass a local port where SPAWNSNAIL is operating to access the backdoor.

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
SPAWNANT
Software
SPAWNSLOTH
Actor
Scarred Manticore
Software
Parasite-HTTP-RAT
Software
HTTP WEB BACKDOOR
Software
MANITSME
Sourced from MITRE ATT&CK Enterprise . Curated by Adam Lundqvist, SQUR.