SYMBOLCOMMON_NAMEaka. SYNONYMS
win.covicli (Back to overview)

Covicli

aka: Covically

Actor(s): MuddyWater

Covicli is a modified SSLeay32 dynamic library designated as a backdoor.
The dynamic library allows the attacker to communicate with the C2 over openSSL.

References
2020-10-15ClearSkyClearSky
@techreport{clearsky:20201015:operation:dead010, author = {ClearSky}, title = {{Operation Quicksand: MuddyWater’s Offensive Attack Against Israeli Organizations}}, date = {2020-10-15}, institution = {ClearSky}, url = {https://www.clearskysec.com/wp-content/uploads/2020/10/Operation-Quicksand.pdf}, language = {English}, urldate = {2020-10-21} } Operation Quicksand: MuddyWater’s Offensive Attack Against Israeli Organizations
PowGoop Covicli

There is no Yara-Signature yet.