| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Witchetty was first documented by ESET in April 2022, who concluded that it was one of three sub-groups of TA410, a broad cyber-espionage operation with some links to the Cicada group (aka APT10). Witchetty’s activity was characterized by the use of two pieces of malware, a first-stage backdoor known as X4 and a second-stage payload known as LookBack. ESET reported that the group had targeted governments, diplomatic missions, charities, and industrial/manufacturing organizations.
There are currently no families associated with this actor.
| 2023-04-23
⋅
ESET Research
⋅
TA410: APT10’s distant cousin FlowCloud Lookback PlugX Quasar RAT Tendyron Witchetty |
| 2022-10-04
⋅
Rewterz Information Security
⋅
Witchetty APT Group Witchetty |
| 2022-09-29
⋅
Symantec
⋅
Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East CHINACHOPPER Lookback MimiKatz Witchetty |
| 2022-04-27
⋅
ESET Research
⋅
A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity FlowCloud Lookback Witchetty |