Woodgnat Uses ClickFix, FileFix, and CrashFix Lures to Deliver Remote Access Malware
ID: 446f684f-7d67-547f-b61d-4c1bc0e2aa4d
STIX ID: report--446f684f-7d67-547f-b61d-4c1bc0e2aa4d
Feed Name: Cyber Press
Threat Score
The report describes the discovery of the Mistic backdoor linked to Woodgnat (KongTuke), an initial-access broker that establishes persistent remote access and sells network footholds to ransomware affiliates. It outlines the group's operational methods—compromised WordPress sites, social-engineering via Microsoft Teams, DLL sideloading, in-memory payloads, a .NET credential stealer, and ModeloRAT usage—and provides IoCs (file hashes) and persistence/evasion techniques.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
