BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor

Aug. 2, 2024, 10:01 a.m.

Description

Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that uses the Background Intelligent Transfer Service (BITS) for command-and-control (C2) communication. The malware was discovered during an intrusion into the Foreign Ministry of a South American government and supports data theft, remote execution, and persistence. Notably, BITSLOTH contains 35 distinct command handlers for tasks such as keylogging, screen capture, discovery, enumeration, and command execution. Analysis suggests the malware has been under development since 2021 by actors potentially associated with Chinese-speaking individuals or groups.
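Because BITSLOTH tunnels its C2 through BITS jobs, the quickest host-side check is to compare the URLs in BITS job history against the C2 addresses listed under Indicators below. The following is an added example written for this page, not code from Elastic's report or from the malware: it runs that match over a handful of constructed records shaped like Microsoft-Windows-Bits-Client/Operational events 59 and 60 (job started/stopped, carrying the transfer URL), and additionally flags any job whose destination is a raw IP literal, a heuristic based on the observation that legitimate BITS jobs almost always target hostnames. The dictionary field names, the sample job names and URLs, and the `hunt`/`classify` helpers are this example's own assumptions.

```python
"""Hunt BITS job history for BITSLOTH C2 indicators (added example)."""
import ipaddress
from urllib.parse import urlsplit

# C2 addresses listed under Indicators on this page.
C2_IPS = frozenset({"45.116.13.178", "15.235.132.67", "216.238.121.132"})

# Constructed sample records approximating Bits-Client/Operational events 59
# (job started, with URL) and 60 (job stopped). The keys are this example's own
# field names (an assumption), not the event XML element names.
SAMPLE_EVENTS = [
    {"EventID": 59, "Job": "Windows Update",
     "Url": "http://dl.delivery.mp.microsoft.com/filestreamingservice/files/abc.cab"},
    {"EventID": 60, "Job": "Windows Update",
     "Url": "http://dl.delivery.mp.microsoft.com/filestreamingservice/files/abc.cab",
     "Status": "0x0"},
    {"EventID": 59, "Job": "update", "Url": "http://15.235.132.67:8443/upload/2f5c"},
    {"EventID": 60, "Job": "update", "Url": "http://15.235.132.67:8443/upload/2f5c",
     "Status": "0x0"},
    {"EventID": 59, "Job": "Edge Update",
     "Url": "https://msedge.b.tlu.dl.delivery.mp.microsoft.com/x.bin"},
    {"EventID": 59, "Job": "sync", "Url": "https://10.0.0.25/files/report.pdf"},
]


def url_host(url):
    """Return the host part of a URL without the port, or '' if unparsable."""
    try:
        return urlsplit(url).hostname or ""
    except ValueError:
        return ""


def is_ip_literal(host):
    """True if the host is an IPv4/IPv6 literal rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def classify(event, ioc_ips=C2_IPS):
    """Return 'ioc' for a known C2 address, 'raw_ip' for any other IP-literal
    destination (heuristic: benign BITS jobs normally use hostnames), or None."""
    host = url_host(event.get("Url", ""))
    if not host:
        return None
    if host in ioc_ips:
        return "ioc"
    if is_ip_literal(host):
        return "raw_ip"
    return None


def hunt(events, ioc_ips=C2_IPS):
    """Return one finding per distinct (job, host, verdict) with an event count."""
    findings = {}
    for ev in events:
        verdict = classify(ev, ioc_ips)
        if verdict:
            key = (ev.get("Job", ""), url_host(ev["Url"]), verdict)
            findings[key] = findings.get(key, 0) + 1
    return [{"job": j, "host": h, "verdict": v, "events": n}
            for (j, h, v), n in findings.items()]


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

On a live host the same records come from `Get-WinEvent -LogName Microsoft-Windows-Bits-Client/Operational`, and currently queued jobs from `Get-BitsTransfer -AllUsers` or `bitsadmin /list /allusers /verbose`; feed the URL of each into `classify`. Treat the raw-IP verdict as a triage lead rather than a detection on its own, since internal tooling does occasionally use bare addresses.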

Date

Published: Aug. 2, 2024, 9:57 a.m.
Created: Aug. 2, 2024, 9:57 a.m.
Modified: Aug. 2, 2024, 10:01 a.m.

Indicators

dfb76bcf5a3e29225559ebbdae8bdd24f69262492eca2f99f7a9525628006d88

4a4356faad620bf12ff53bcfac62e12eb67783bd22e66bf00a19a4c404bf45df

4fb6dd11e723209d12b2d503a9fcf94d8fed6084aceca390ac0b7e7da1874f50

0f9c0d9b77678d7360e492e00a7fa00af9b78331dc926b0747b07299b4e64afd

0944b17a4330e1c97600f62717d6bae7e4a4260604043f2390a14c8d76ef1507

45.116.13.178

15.235.132.67

216.238.121.132

Attack Patterns

BITSLOTH

T1564.006

T1085

T1053.005

T1197

T1056.001

T1113

T1070

T1106

T1082

T1090

Additional Information

Government