Operation ShellTea

The campaign targets the hotel and entertainment sectors with spear-phishing emails that deliver the ShellTea backdoor. The malware uses anti-debugging or anti-monitoring techniques to stay under the radar when it is analyzed. It installs itself in the registry to remain persistent and relies on PowerShell throughout the infection process. The backdoor can exfiltrate a range of data from infected hosts, including system information, anti-virus details, and domain and workgroup data.
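As an added example, not part of the original report, the following detection logic flags the behaviours described above in endpoint telemetry: an autostart registry write made by PowerShell on a host that also runs PowerShell reconnaissance of anti-virus, system, or domain data. The event records are constructed Sysmon-style samples; the field names, hostnames, and paths are assumptions.

```python
import re

# Constructed, Sysmon-style records (not real telemetry):
# EventID 13 = registry value set, EventID 1 = process creation.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "EventID": 13, "Image": PS,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"Computer": "WS-01", "EventID": 1, "Image": PS,
     "CommandLine": "powershell -w hidden Get-WmiObject -Namespace root\\SecurityCenter2 -Class AntiVirusProduct"},
    {"Computer": "WS-01", "EventID": 1, "Image": PS,
     "CommandLine": "powershell (Get-WmiObject Win32_ComputerSystem).Domain"},
    # Benign host: a vendor installer writes a Run key, PowerShell does nothing unusual.
    {"Computer": "WS-02", "EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray"},
    {"Computer": "WS-02", "EventID": 1, "Image": PS, "CommandLine": "powershell Get-Date"},
]

# Registry persistence: writes under the CurrentVersion\Run* autostart keys.
AUTOSTART_KEYS = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Reconnaissance the report attributes to the backdoor: system info,
# anti-virus details, domain/workgroup data.
RECON_PATTERNS = [
    ("system_info", re.compile(r"Get-ComputerInfo|systeminfo", re.IGNORECASE)),
    ("antivirus", re.compile(r"AntiVirusProduct|SecurityCenter2", re.IGNORECASE)),
    ("domain", re.compile(r"Win32_ComputerSystem|\$env:USERDOMAIN|net\s+config", re.IGNORECASE)),
]

def classify(event):
    """Return the tags a single event triggers (empty list if nothing matched)."""
    tags = []
    image = event.get("Image", "").lower()
    if event["EventID"] == 13 and AUTOSTART_KEYS.search(event.get("TargetObject", "")):
        tags.append("autostart_write")
        if image.endswith("powershell.exe"):
            tags.append("autostart_write_by_powershell")
    if event["EventID"] == 1 and image.endswith("powershell.exe"):
        cmd = event.get("CommandLine", "")
        tags.extend("recon_" + name for name, pat in RECON_PATTERNS if pat.search(cmd))
    return tags

def correlate(events):
    """Collect the set of tags observed per host."""
    per_host = {}
    for ev in events:
        per_host.setdefault(ev["Computer"], set()).update(classify(ev))
    return per_host

def suspicious_hosts(events):
    """Hosts showing both autostart persistence and PowerShell reconnaissance."""
    return sorted(host for host, tags in correlate(events).items()
                  if "autostart_write" in tags and any(t.startswith("recon_") for t in tags))
```

A Run-key write on its own is common (installers do it), so the rule only escalates when persistence and reconnaissance are seen on the same host.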
