win.pipesnoop

PipeSnoop

aka: TOFUPIPE

Cisco Talos states that PipeSnoop can accept arbitrary shellcode from a named pipe and execute it on the infected endpoint.

References
2024-09-19 | Mandiant | Mark Lechtik, Matan Mimran, Sarah Bock, Stav Shulman
UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks
CRYPTOSLAY PipeSnoop TEMPLEDOOR UNC1860
2023-09-19 | Cisco Talos | Arnaud Zobec, Asheer Malhotra, Caitlin Huey, Sean Taylor, Vitor Ventura
New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants
HTTPSnoop PipeSnoop LightBasin ShroudedSnooper

There is no YARA signature yet.