CreepySnail

Malware updated 4 months ago (2024-05-04T18:26:29.767Z)
CreepySnail is a custom implant used by the POLONIUM threat actor. It transmits information from the victim to the operator in Base64-encoded request parameters and uses static URI parameters, so its beaconing can be picked out of web or proxy telemetry with targeted queries. Once deployed on a target network, it attempts to authenticate with stolen credentials and connects to POLONIUM C2 infrastructure for further actions on objectives, such as data exfiltration or abuse of the compromised host as additional C2.

In Israel, OilRig deployed a new custom backdoor called Mango and the SC5k downloader, while POLONIUM used a modified CreepySnail (as reported by ESET for Q4 2022 to Q1 2023).

C2 addresses observed for POLONIUM's CreepySnail implant (defanged), among other indicators:
135[.]125[.]147[.]170:80
185[.]244[.]129[.]79:63047
185[.]244[.]129[.]79:80
45[.]80[.]149[.]108:63047
45[.]80[.]149[.]108:80
45[.]80[.]149[.]57:63047
45[.]80[.]149[.]68:63047
45[.]80[.]149[.]71:80

Keeping devices and software up to date, restricting what users download and open, and running firewalls and antivirus reduce the chance of initial infection. An infected host should be handled by incident responders who can remove the implant and secure the system; because the implant authenticates with stolen credentials, those credentials should be treated as compromised and reset.
Description last updated: 2023-06-23T20:30:57.384Z
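The two detection hooks in the description (the known C2 IP:port pairs and Base64-encoded values in static URI parameters) can be turned into a small log scanner. The script below is an added example, not code from this page or from the Microsoft or ESET reports it cites: the C2 pairs are the ones listed above, re-fanged for matching; the log format and log lines are constructed for the demo; and the parameter names in STATIC_PARAM_NAMES are hypothetical placeholders, because the description says the implant uses static parameters but does not name them.

```python
"""Flag CreepySnail-style C2 traffic in a proxy log.

Added example, not code from the page or from the reports it cites.
The C2 (host, port) pairs come from the description above (re-fanged for
matching). STATIC_PARAM_NAMES is a placeholder: substitute the static
parameter names seen in your own samples.
"""
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

# (host, port) pairs listed in the description above.
CREEPYSNAIL_C2 = {
    ("135.125.147.170", 80),
    ("185.244.129.79", 63047),
    ("185.244.129.79", 80),
    ("45.80.149.108", 63047),
    ("45.80.149.108", 80),
    ("45.80.149.57", 63047),
    ("45.80.149.68", 63047),
    ("45.80.149.71", 80),
}

# Hypothetical names; the page does not give the real static parameters.
STATIC_PARAM_NAMES = {"id", "data"}

B64_CHARS = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def looks_base64(value, min_len=16):
    """Heuristic: base64 alphabet, length a multiple of 4, decodes cleanly.

    Short values are ignored to cut noise. Long hex strings and API tokens
    still pass (they are valid base64), so treat a hit as a lead, not a verdict.
    """
    if len(value) < min_len or len(value) % 4 or not B64_CHARS.fullmatch(value):
        return False
    try:
        base64.b64decode(value, validate=True)
    except binascii.Error:
        return False
    return True


def query_params(query):
    """Split a query string without '+'-to-space decoding, which would corrupt base64."""
    params = []
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        params.append((unquote(name), unquote(value)))
    return params


def check_url(url):
    """Return the reasons a request URL is suspicious (empty list if none)."""
    u = urlsplit(url)
    host = u.hostname
    port = u.port or (443 if u.scheme == "https" else 80)
    reasons = []
    if (host, port) in CREEPYSNAIL_C2:
        reasons.append(f"known_c2:{host}:{port}")
    params = query_params(u.query)
    names = {name for name, _ in params}
    if STATIC_PARAM_NAMES and STATIC_PARAM_NAMES <= names:
        reasons.append("static_params:" + ",".join(sorted(STATIC_PARAM_NAMES)))
    for name, value in params:
        if looks_base64(value):
            reasons.append(f"base64_param:{name}")
    return reasons


def scan_log(text):
    """Scan constructed lines of the form '<ts> <src_ip> <method> <url> <status>'."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, _method, url, _status = parts
        reasons = check_url(url)
        if reasons:
            findings.append({"ts": ts, "src": src, "url": url, "reasons": reasons})
    return findings


# Constructed sample log for the demo, not real telemetry.
SAMPLE_LOG = """\
2023-06-01T08:00:01Z 10.0.0.5 GET http://45.80.149.108:63047/index.php?id=QURNSU5cdXNlcjE=&data=d29ya3N0YXRpb24tMDE= 200
2023-06-01T08:00:02Z 10.0.0.7 GET https://www.example.com/search?q=hello+world 200
2023-06-01T08:00:03Z 10.0.0.9 POST http://203.0.113.10/upload?token=SGVsbG8gV29ybGQhIHRoaXMgaXMgYTY0 200
2023-06-01T08:00:04Z 10.0.0.5 GET http://185.244.129.79/ping 200
"""

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["ts"], finding["src"], finding["url"], " ".join(finding["reasons"]))
```

The third sample line shows why the Base64 heuristic alone is only a lead: a legitimate upload token is flagged because it is valid base64, while the hit on a listed C2 address (or on a listed address plus the static parameter set) is what should drive an alert. Requests with no explicit port are matched against the scheme default, so a beacon to a listed address on port 80 is caught even when the log omits the port.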
Aliases: none currently tracked.
Associated Threat Actors
POLONIUM (type: Unspecified; votes: 2)
Polonium is a threat actor group, believed to be based in Lebanon, that has been responsible for significant cyberattacks on Israel's operational technology (OT) and critical infrastructure. In December, Israel's National Cyber Directorate issued warnings that Polonium had targeted critical sectors
Source Document References
Information about the CreepySnail malware was read from the documents corpus below.
MITRE (added 2 years ago): Exposing POLONIUM activity and infrastructure targeting Israeli organizations - Microsoft Security Blog
ESET (added a year ago): ESET APT Activity Report Q4 2022–Q1 2023 | WeLiveSecurity