HiddenWasp

HiddenWasp installs reboot persistence by adding itself to /etc/rc.local.(Citation: Intezer HiddenWasp Map 2019)

HiddenWasp uses a script to automate tasks on the victim's machine and to assist in execution.(Citation: Intezer HiddenWasp Map 2019)

HiddenWasp creates a user account as a means to provide initial persistence to the compromised machine.(Citation: Intezer HiddenWasp Map 2019)

HiddenWasp uses an RC4-like algorithm with an already computed PRGA generated key-stream for network communication.(Citation: Intezer HiddenWasp Map 2019)

HiddenWasp adds itself as a shared object to the LD_PRELOAD environment variable.(Citation: Intezer HiddenWasp Map 2019)