Stately Taurus Activity in Southeast Asia Links to Bookworm Malware
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
Unit 42 researchers have discovered connections between Stately Taurus, a threat actor targeting ASEAN countries, and the Bookworm malware family. Analysis of infrastructure and code overlaps revealed links between recent Stately Taurus attacks and Bookworm samples dating back to 2015. The group has been using both Bookworm and ToneShell malware in their operations. Bookworm has undergone minimal changes since 2015, demonstrating its versatility and continued effectiveness. The malware's modular design allows for flexible packaging to meet operational needs. Stately Taurus is expected to continue developing and utilizing Bookworm in future attacks targeting Southeast Asian organizations.
OPENCTI LABELS :
pubload, toneshell, asean, dll sideloading, modular malware, southeast asia, infrastructure overlap, bookworm