Malware: TINYTYPHON

Description

[TINYTYPHON](https://attack.mitre.org/software/S0131) is a backdoor that has been used by the actors responsible for the MONSOON campaign. The majority of its code was reportedly taken from the MyDoom worm. (Citation: Forcepoint Monsoon)

External References

• mitre-attack
• Forcepoint Monsoon

Techniques Used by This Malware

• T1020 — Automated Exfiltration
• T1027.013 — Encrypted/Encoded File
• T1083 — File and Directory Discovery
• T1547.001 — Registry Run Keys / Startup Folder

APT Groups Using This Malware

• Patchwork