#HappyFriday everyone! The Check Point Software Technologies Ltd research team continues to discover more tools used by the #APT known as #CamaroDragon. This time, they shed light on a Go-based backdoor dubbed #TinyNote. Check out the article for more details! Enjoy and Happy Hunting!

Link is in the comments!

**I am going to leave one of the MITRE ATT&CK techniques blank. I would like to see if any of you who see this can help FILL in that blank! If so, leave your thoughts in the comments OR send me a DM!**

Notable TTPs:
TA0005 - Defense Evasion
T1574.002 - Hijack Execution Flow: DLL Side-Loading

TA0002 - Execution
T1059.003 - Command And Scripting Interpreter: Windows Command Shell
T1059.001 - Command And Scripting Interpreter: PowerShell

TA0003 - Persistence
T[Let me know what persistence techniques you see!]

TA0007 - Discovery
T1033 - System Owner/User Discovery
T1015 - System Network Configuration Discovery

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

Malware Spotlight: Camaro Dragon’s TinyNote Backdoor - Check Point Research

Executive summary: Since early January 2023, there has been a notable surge in activity targeting European foreign affairs entities linked to Southeast and East Asia. The threat actors responsible are tracked by Check Point Research as Camaro Dragon and are associated with a broad network of espionage operations aligned with Chinese interests. Camaro Dragon overlaps with previously […]
