Daggerfly: Espionage Group Makes Major Update to Toolset
July 23, 2024, 2:15 p.m.
Tags
External References
Description
An advanced persistent threat (APT) group, known as Daggerfly or Evasive Panda, has significantly updated its malware arsenal. The group has introduced new versions of its modular backdoor framework MgBot for multiple platforms, including Windows, Linux, macOS, and Android. Symantec researchers have also attributed the previously documented Macma macOS backdoor to Daggerfly based on shared code and infrastructure. Additionally, a new Windows backdoor named Suzafk has been identified as part of Daggerfly's toolkit. Recent attacks targeting organizations in Taiwan, a US NGO based in China, and telecoms operators in Africa demonstrate the group's continued espionage activities.
Date
Published: July 23, 2024, 1:42 p.m.
Created: July 23, 2024, 1:42 p.m.
Modified: July 23, 2024, 2:15 p.m.
Indicators
.96.131.150
103.96.128.44
103.243.212.98
Attack Patterns
Trojan.Suzafk
DazzleSpy
OSX.CDDS
MacMa - S1016
MgBot
Daggerfly
T1116
T1009
T1045
T1107
T1076
T1608
T1064
T1074
T1583
T1573
T1070
T1082
T1083
T1055
T1592
T1204
T1027
T1053
T1059
CVE-2021-30869
Additional Information
Central African Republic
South Africa
Taiwan
China