AutoIt backdoor (3f927596-5219-49eb-bd0d-57068b0e04ed)

AutoIt backdoor is malware that has been used by the actors responsible for the MONSOON campaign. The actors frequently used it in weaponized .pps files exploiting CVE-2014-6352. [Forcepoint Monsoon] This malware makes use of the legitimate scripting language for Windows GUI automation with the same name.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| APT33 (99bbbe25-45af-492f-a7ff-7cbc57828bac) | Tidal Groups | AutoIt backdoor (3f927596-5219-49eb-bd0d-57068b0e04ed) | Tidal Software | 1 |
| Patchwork (32385eba-7bbf-439e-acf2-83040e97165a) | Tidal Groups | AutoIt backdoor (3f927596-5219-49eb-bd0d-57068b0e04ed) | Tidal Software | 1 |