CoughingDown is a threat actor. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does CoughingDown exploit?

Specific CVE exploitation data for CoughingDown is being tracked. Check the Strobes VI threat actor profile for updates.

CoughingDown

Exploited CVEs

Overview

CoughingDown is a threat group attributed to various cyber campaigns, including the deployment of the EAGERBEE backdoor, which utilizes service manipulation and privilege escalation techniques. The group has been linked to malware infrastructure that abuses legitimate services like MSDTC, IKEEXT, and SessionEnv to load malicious DLLs, including oci.dll. Analysis of supply-chain attacks, particularly involving Trojanized packages, has revealed similarities between CoughingDown malware and post-compromise tools used in these incidents. Evidence such as consistent service creation and C2 domain overlap further supports the connection between EAGERBEE and CoughingDown.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database