JHUHUGIT

Malware Profile Updated 24 days ago
JHUHUGIT is malware that was used in Sofacy attacks as a first-stage implant. It became relatively popular and was also used with a Java zero-day in July 2015. The Sofacy group, which used JHUHUGIT, expanded its arsenal in 2013 by adding more backdoors and tools, including CORESHELL, SPLM, and AZZY. In its attacks, the group spearphished targets in several waves using Flash exploits, leading to its Carberp-based JHUHUGIT downloaders and further stages of malware. JHUHUGIT was delivered through a Flash zero-day and used a Windows elevation-of-privilege (EoP) exploit to break out of the sandbox. Recently, high-profile victims have been targeted with another first-level implant representing the latest evolution of Sofacy's AZZY Trojan. While JHUHUGIT and, more recently, "JKEYSKW" are still being used in most of the Sofacy attacks, the group has continued to evolve and expand its arsenal over the years.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the JHUHUGIT Malware was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | Sofacy APT hits high profile targets with updated toolset
MITRE | a year ago | A Slice of 2017 Sofacy Activity