Names | Hannotog | |
Category | Malware | |
Type | Backdoor | |
Description | (Symantec) Hannotog is a custom backdoor which provides the attackers with a persistent presence on the victim’s network. It has been used in conjunction with several other Thrip tools, including Sagerunex, another custom backdoor providing remote access to the attackers, and Catchamas (Infostealer.Catchamas), a custom Trojan deployed on selected computers of interest and designed to steal information. | |
Information | <https://symantec-blogs.broadcom.com/blogs/threat-intelligence/thrip-apt-south-east-asia> | |
MITRE ATT&CK | <https://attack.mitre.org/software/S1211> | |
AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:Hannotog> |
Last change to this tool card: 28 June 2025
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
![]() | Lotus Blossom, Spring Dragon, Thrip | ![]() | 2012-Aug 2024 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on![]() ![]() |
Report incidents |
|
![]() |
+66 (0)2-123-1227 | |
![]() |
[email protected] |