LIONTAIL

Description

(Check Point) In the latest campaign, the threat actor leveraged the LIONTAIL framework, a sophisticated set of custom loaders and memory resident shellcode payloads. LIONSTAIL’s implants utilize undocumented functionalities of the HTTP.sys driver to extract payloads from incoming HTTP traffic. Multiple observed variants of LIONTAIL-associated malware suggest Scarred Manticore generates a tailor-made implant for each compromised server, allowing the malicious activities to blend into and be undiscernible from legitimate network traffic.

Names

Name
LIONTAIL

Type

Loader

Information

https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.liontail

Other Information

Uuid

5206efd1-cfd9-4561-bd80-56789f5efce5

Last Card Change

2024-01-17

Threat Intelligence Garden

Explorer

LIONTAIL

LIONTAIL

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks