ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool Snugy

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Snugy

NamesSnugy
Netero
CategoryMalware
TypeBackdoor, Tunneling
Description(Palo Alto) The OfficeIntegrator.ps1 file seen in the ResolutionHosts task is a PowerShell-based backdoor we call Snugy, which allows an actor to obtain the system’s hostname and to run commands. Snugy is a variant of the CASHY200 backdoor used by actors in previous attacks in the xHunt campaign. In July 2019, Trend Micro created a detection signature for this backdoor called Backdoor.PS1.NETERO.A, which suggests that this particular variant of CASHY200 has been around for over a year. We are calling this variant of the backdoor Snugy, as Netero is already a name of a variant of the Hisoka tool used by the xHunt actors.
Information<https://unit42.paloaltonetworks.com/xhunt-campaign-backdoors/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/ps1.snugy>

Last change to this tool card: 23 April 2021

Download this tool card in JSON format

All groups using tool Snugy

ChangedNameCountryObserved

APT groups

 xHuntIran2018-Aug 2019 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key