LOOKOVER

Description

(Mandiant) The threat actor’s first attempt to extend their access to the network appliances by targeting the TACACS server was the use of LOOKOVER. LOOKOVER is a sniffer written in C that processes TACACS+ authentication packets, performs decryption, and writes its contents to a specified file path. LOOKOVER uses the publicly available libpcap library to sniff TCP packets.

Names

Name
LOOKOVER

Type

Info stealer

Information

https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Other Information

Uuid

75320f8c-19aa-489e-b7b2-4c22d2592a32

Last Card Change

2024-08-26

Threat Intelligence Garden

Explorer

LOOKOVER

LOOKOVER

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks