ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

Tool: HTTPSnoop

Names: HTTPSnoop
Category: Malware
Type: Backdoor
Description: (Talos) HTTPSnoop is a simple, yet effective, new backdoor that uses low-level Windows APIs to interact directly with the HTTP device on the system. It leverages this capability to bind to specific HTTP(S) URL patterns to the endpoint to listen for incoming requests. Any incoming requests for the specified URLs are picked up by the implant, which then proceeds to decode the data accompanying the HTTP request. The decoded HTTP data is, in fact, shellcode that is then executed on the infected endpoint.

HTTPSnoop consists of the same code across all observed variants, with the key difference in samples being the URL patterns that it listens for.
Information: <https://blog.talosintelligence.com/introducing-shrouded-snooper/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.httpsnoop>

Last change to this tool card: 13 October 2023


All groups using tool HTTPSnoop

Changed   Name              Country     Observed

APT groups

          ShroudedSnooper   [Unknown]   2023

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center