CreepySnail is a PowerShell implant that Microsoft attributed to the threat actor POLONIUM, which has targeted organizations in Israel. Once deployed on a target network, the implant authenticates with stolen credentials and connects to POLONIUM command-and-control (C2) infrastructure, after which the operator can carry out further actions on objectives, such as data exfiltration or use of the compromised host as additional C2 infrastructure. Its beaconing has two properties that matter for detection: information sent from the victim to the threat actor is carried in Base64-encoded request parameters, and the implant uses static URI parameters, so its traffic can be identified with specific hunting queries over proxy or web logs.
In Israel, OilRig deployed a new custom backdoor called Mango and the SC5k downloader, while POLONIUM used a modified CreepySnail. The C2 addresses observed for POLONIUM's CreepySnail implant include the following host:port pairs (defanged), along with several other indicators:
135[.]125[.]147[.]170:80
185[.]244[.]129[.]79:63047
185[.]244[.]129[.]79:80
45[.]80[.]149[.]108:63047
45[.]80[.]149[.]108:80
45[.]80[.]149[.]57:63047
45[.]80[.]149[.]68:63047
45[.]80[.]149[.]71:80
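The two detection hooks described above (known C2 host:port pairs, and Base64-encoded values in URI parameters) can be turned into a simple log-hunting script. The following is an added example written for this page, not code from Microsoft, ESET or any CreepySnail analysis. The log format (src_ip method url, one request per line), the parameter names, and the log lines themselves are constructed for the example; the page does not name the implant's actual static URI parameters, so the script flags any sufficiently long, well-formed Base64 value rather than a specific parameter name.

```python
import base64
import re
from urllib.parse import urlsplit, unquote

# CreepySnail C2 host:port pairs as listed on this page, with the defanging
# brackets removed so they compare directly against log fields.
CREEPYSNAIL_C2 = {
    "135.125.147.170:80",
    "185.244.129.79:63047",
    "185.244.129.79:80",
    "45.80.149.108:63047",
    "45.80.149.108:80",
    "45.80.149.57:63047",
    "45.80.149.68:63047",
    "45.80.149.71:80",
}

# Strict Base64: groups of four alphabet characters with correct trailing padding.
B64_RE = re.compile(r"^(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$")


def decode_b64_param(value, min_len=16):
    """Return the decoded text if value is well-formed Base64 that decodes to
    printable text, otherwise None. Short tokens are skipped so ordinary words
    such as 'true' or 'page' do not trigger; beacon payloads are long."""
    if len(value) < min_len or not B64_RE.match(value):
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def host_port(url):
    """Normalise the destination to host:port, filling in the scheme default port."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return f"{parts.hostname}:{port}"


def query_params(url):
    """Split the query string by hand: parse_qsl would turn '+' into a space,
    and '+' is part of the Base64 alphabet."""
    for pair in urlsplit(url).query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            yield unquote(name), unquote(value)


def check_request(url):
    """Evaluate one outbound URL; returns a list of reasons (empty means clean)."""
    reasons = []
    hp = host_port(url)
    if hp in CREEPYSNAIL_C2:
        reasons.append(f"destination {hp} is a listed CreepySnail C2")
    for name, value in query_params(url):
        decoded = decode_b64_param(value)
        if decoded is not None:
            reasons.append(f"Base64-encoded parameter {name!r} -> {decoded!r}")
    return reasons


def b64(text):
    """Helper used only to build the constructed sample log below."""
    return base64.b64encode(text.encode()).decode()


# Constructed proxy log lines (sample data, not real telemetry): src_ip method url.
# The parameter names 'id' and 'data' are assumptions, not CreepySnail's real ones.
SAMPLE_LOG = "\n".join([
    "10.0.0.5 GET http://45.80.149.108:63047/index.php?id=" + b64("host=WIN-DC01;user=alice"),
    "10.0.0.7 GET https://www.example.com/search?q=snail&page=2",
    "10.0.0.9 POST http://45.80.149.71/upload?data=" + b64("uid=1001(svc-backup)"),
    "10.0.0.9 GET http://intranet.example.local/report?token=YWJjZA==",
])


def scan_log(log_text):
    """Return [(src_ip, url, reasons)] for every line that triggers at least one reason."""
    hits = []
    for line in log_text.splitlines():
        src, _method, url = line.split(maxsplit=2)
        reasons = check_request(url)
        if reasons:
            hits.append((src, url, reasons))
    return hits


if __name__ == "__main__":
    for src, url, reasons in scan_log(SAMPLE_LOG):
        print(f"{src} {url}")
        for reason in reasons:
            print("   ", reason)
```

In the sample log only the two requests to listed C2 addresses are reported; the short "YWJjZA==" token and the plain search query fall below the length threshold and are ignored, which is the kind of false-positive guard needed before running this over production proxy logs. In a real hunt, replace the Base64 heuristic with the implant's actual static URI parameter names once they are known from the traffic.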
Defenders should block and alert on the C2 addresses listed above and hunt historical proxy and web logs for connections to them, together with requests that carry Base64-encoded values in their URI parameters. Because CreepySnail authenticates with stolen credentials, any confirmed infection should be followed by resetting the affected accounts and reviewing where else they were used, not only by removing the implant. Keeping devices and software up to date, restricting PowerShell execution and logging, and running endpoint protection reduce the chance of initial compromise; if a system is found infected, engage an incident response team to remove the malware and secure the environment.
Description last updated: 2023-06-23T20:30:57.384Z