Deadglyph

Malware updated a month ago (2024-11-29T14:36:11.396Z)
Deadglyph is a sophisticated piece of malware discovered in September 2023 by ESET researchers. It was identified as a new backdoor used by the FruityArmor threat actor, also known as Stealth Falcon, primarily against Middle Eastern governments. The malware consists of two components: a native x64 binary that acts as an executor and a .NET assembly that acts as an orchestrator. Its unusual architecture lets it receive its functionality dynamically from a command-and-control (C2) server in the form of modules, rather than carrying a fixed set of backdoor commands in the binary.

In conjunction with Deadglyph, the ShadowWhisperer and NightmareLoader tools were outlined in an Advanced Persistent Threat (APT) report released the same month; these tools are suspected to form part of the downloader chain used to install Deadglyph. A related shellcode downloader was also discovered, which researchers assess could be used to install the malware.

More recently, an updated version of the native Deadglyph Executor backdoor module has been identified, with changes to both its architecture and its workflow components. This backdoor has been deployed in cyber-espionage attacks against government entities in the Middle East, marking a significant escalation in the capabilities of the FruityArmor threat actor. The continuous evolution of this malware underscores the need for rigorous security measures, especially for high-risk targets such as government agencies.
Description last updated: 2024-11-28T11:43:45.901Z
Aliases
We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Malware
Downloader
Espionage
APT
ESET
Associated Threat Actors
Alias: Stealth Falcon
Description: The Stealth Falcon Threat Actor is associated with Deadglyph. Stealth Falcon, also known as Project Raven or FruityArmor, is a notable threat actor that has been active since at least 2012. This group is known for its cyber espionage activities primarily in the Middle East, targeting political activists, journalists, and dissidents. The group gained significan
Association Type: Unspecified
Votes: 3

Alias: FruityArmor
Description: The FruityArmor Threat Actor is associated with Deadglyph. FruityArmor, also known as Stealth Falcon or Project Raven, is a threat actor linked to the United Arab Emirates (UAE), according to MITRE. Active since 2012, this state-sponsored hacking group is known for targeting political activists, journalists, and dissidents in the Middle East. The cybersecur
Association Type: Unspecified
Votes: 2
Source Document References
Information about the Deadglyph malware was read from the documents corpus below.

Source (Created At):
Securelist (a month ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
Securityaffairs (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
BankInfoSecurity (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
InfoSecurity-magazine (a year ago)
Securityaffairs (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)