
TiltedTemple

aka: Circle Typhoon, DEV-0322

One of their notable tools is a custom backdoor called SockDetour, which operates filelessly and socketlessly on compromised Windows servers. The group's activities have been linked to the exploitation of vulnerabilities in Zoho ManageEngine ADSelfService Plus and ServiceDesk Plus.


Associated Families

There are currently no families associated with this actor.


References
2022-02-24 - Palo Alto Networks Unit 42 - "SockDetour – a Silent, Fileless, Socketless Backdoor – Targets U.S. Defense Contractors" (TiltedTemple)
2021-11-08 - NCC Group / Fox-IT - "TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access" (TiltedTemple)

Credits: MISP Project