This backdoor was created by DeathStalker, an APT actor offering hacking-for-hire services.
This new custom backdoor by DeathStalker, the APT actor offering hacking-for-hire services, was first spotted in August 2020. Typically spread via spearphishing emails, the backdoor deploys several evasion techniques, including steganography, encryption, and custom obfuscation, to avoid detection. It’s been seen primarily in Europe, with a couple of cases in Asia and the Americas, and is most likely targeting law consultancy and financial firms