Witchetty  (Back to overview)

aka: LookingFrog

Witchetty was first documented by ESET in April 2022, who concluded that it was one of three sub-groups of TA410, a broad cyber-espionage operation with some links to the Cicada group (aka APT10). Witchetty’s activity was characterized by the use of two pieces of malware, a first-stage backdoor known as X4 and a second-stage payload known as LookBack. ESET reported that the group had targeted governments, diplomatic missions, charities, and industrial/manufacturing organizations.

Associated Families

There are currently no families associated with this actor.

2022-10-04Rewterz Information SecurityRewterz Information Security
Witchetty APT Group
2022-09-29SymantecThreat Hunter Team
Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East
CHINACHOPPER Lookback MimiKatz PlugX Unidentified 096 (Keylogger) x4 Witchetty
2022-04-27ESET ResearchAlexandre Côté Cyr, Matthieu Faou
A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity
FlowCloud Lookback Witchetty

Credits: MISP Project