New version of MysterySnail RAT and lightweight MysteryMonoSnail backdoor
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A new version of the MysterySnail RAT, attributed to the Chinese-speaking IronHusky APT group, has been detected targeting government organizations in Mongolia and Russia. The malware, which hadn't been publicly reported since 2021, now features a modular architecture with five additional DLL modules for command execution. A lightweight version dubbed MysteryMonoSnail was also observed. The infection chain involves a malicious MMC script, an intermediary backdoor, and the main MysterySnail RAT payload. The attackers use public file storage and the piping-server project for command and control. This case highlights the importance of maintaining vigilance against seemingly obsolete malware families, as they may continue operating undetected for extended periods.
OPENCTI LABELS :
apt,ironhusky,mysterymonosnail,mysterysnail
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
New version of MysterySnail RAT and lightweight MysteryMonoSnail backdoor