StealthFalcon is a backdoor created in 2015 by the Stealth Falcon advanced persistent threat group for use in its own campaigns. Stealth Falcon is a threat group, active since 2012, that targets political activists and journalists in the Middle East.
The backdoor was discovered by ESET researchers, who named it Win32/StealthFalcon.
Once installed, StealthFalcon initiates a connection to a command and control (C2) server using the standard Windows component Background Intelligent Transfer Service (BITS) before attempting to extract files. If StealthFalcon fails to connect to either of its two C2 servers, it removes itself. Stealth Falcon is also able to install other payloads, including cryptocurrency miners and ransomware tools.
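The BITS-based C2 behaviour described above is something defenders can hunt for in BITS client telemetry. The script below is an added example (not from the page or from ESET's research): it triages normalised BITS transfer-job records and flags jobs whose destination is not a known update host, whose creating process is not the standard BITS host process, or whose creator runs from a user-writable directory. The record field names, the allowlists and the sample records are all assumptions or constructed data, not real indicators.

```python
"""Triage BITS transfer-job records for signs of C2 abuse.
Added example; the record layout is an assumed normalisation of exported
Microsoft-Windows-Bits-Client events, not the exact Windows event schema."""
import re
from urllib.parse import urlparse

# Assumed allowlists: hosts and creator processes seen in legitimate BITS use.
ALLOWED_HOST_SUFFIXES = ("windowsupdate.com", "microsoft.com", "update.example.corp")
ALLOWED_PROCESS_PATHS = (
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\wuauclt.exe",
)
# A BITS job created by a binary in a user-writable path is a strong signal.
USER_WRITABLE = re.compile(r"\\(appdata|temp|programdata|public)\\", re.IGNORECASE)


def is_allowed_host(url):
    """True if the URL's host is an allowlisted domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in ALLOWED_HOST_SUFFIXES)


def score_job(job):
    """Return the list of reasons a job looks suspicious (empty means benign)."""
    reasons = []
    url = job.get("url", "")
    proc = job.get("process_path", "").lower()
    if not is_allowed_host(url):
        reasons.append("destination host not in allowlist")
    if proc not in ALLOWED_PROCESS_PATHS:
        reasons.append("job created by non-standard process")
    if USER_WRITABLE.search(proc):
        reasons.append("creator process runs from a user-writable directory")
    if urlparse(url).scheme == "http":
        reasons.append("cleartext HTTP transfer")
    return reasons


def triage(jobs):
    """Map job_id -> reasons for every job that raised at least one reason."""
    return {j["job_id"]: r for j in jobs for r in [score_job(j)] if r}


# Constructed sample records (placeholder hosts and paths, not real IoCs).
SAMPLE_JOBS = [
    {"job_id": "J1", "url": "https://download.windowsupdate.com/pkg.cab",
     "process_path": r"C:\Windows\System32\svchost.exe"},
    {"job_id": "J2", "url": "http://203.0.113.10/update/ping",
     "process_path": r"C:\Users\alice\AppData\Roaming\svc.exe"},
    {"job_id": "J3", "url": "https://cdn.example.net/file.bin",
     "process_path": r"C:\Windows\System32\svchost.exe"},
]
```

Because the backdoor removes itself when both C2 servers are unreachable, job records captured at creation time are more useful for detection than a later scan for files on disk.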
ESET's research did not examine how StealthFalcon is deployed, nor did it discuss which nation or group the backdoor is specifically affiliated with.
Indicators of Compromise