AutoIt backdoor (3f927596-5219-49eb-bd0d-57068b0e04ed)

AutoIt backdoor is malware that has been used by the actors responsible for the MONSOON campaign. The actors frequently used it in weaponized .pps files exploiting CVE-2014-6352. [Forcepoint Monsoon] This malware makes use of the legitimate scripting language for Windows GUI automation with the same name.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| AutoIt backdoor (3f927596-5219-49eb-bd0d-57068b0e04ed) | Tidal Software | APT33 (99bbbe25-45af-492f-a7ff-7cbc57828bac) | Tidal Groups | 1 |
| AutoIt backdoor (3f927596-5219-49eb-bd0d-57068b0e04ed) | Tidal Software | Patchwork (32385eba-7bbf-439e-acf2-83040e97165a) | Tidal Groups | 1 |