VERY IMPORTANT

"In this technical report we analyse new samples of the toolkit spotted in April 2020, and dubbed “Penquin_x64”. We describe in depth the capabilities of this stealth backdoor, comparing it to the older known versions, and we also investigate the possible build dates of these samples. The threat actor put in place a considerable amount of effort to avoid the improper activation of the backdoor. In this report we shed light on the communication protocol, providing a tool to efficiently detect a “Penquin_x64” infection in enterprise networks."