ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Leash

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Leash

NamesLeash
CategoryMalware
TypeBackdoor
Description(Palo Alto) The Magic Hound campaign was also discovered deploying an IRC Bot, which we have named MagicHound.Leash. We discovered this connection when we observed a DropIt sample installing a backdoor Trojan that used IRC for its C2 communications.

Leash obtains its commands via private messages (PRIVMSG) sent from the adversary who must also be connected to the IRC server. All of its available commands (see Appendix), except for the VER command seen in Figure 5, must be issued by individuals in the IRC channel with nicknames that start with “AS_” or “AF_”.
Information<https://unit42.paloaltonetworks.com/unit42-magic-hound-campaign-attacks-saudi-targets/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.leash>

Last change to this tool card: 23 April 2020

Download this tool card in JSON format

All groups using tool Leash

ChangedNameCountryObserved

APT groups

 Cutting Kitten, TG-2889Iran2012-Mar 2016X
 Magic Hound, APT 35, Cobalt Gypsy, Charming KittenIran2012-Early 2022 HOTX

2 groups listed (2 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]