<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

Magic Hound Sniffs Out Trouble

 magic hound.jpg

Magic Hound, as dubbed by researchers at Palo Alto Networks, is a targeted espionage campaign against Saudi Arabian government, energy and technology industries. The campaign utilized a common phishing tactic, embedding macros into Word and Excel documents. If the victim enabled macros on the document, Powershell scripts downloaded additional malware onto their computer, such as the open-source Python RAT, Pupy.

Similarities between the likely Iranian-based threat actor “Rocket Kitten” and Magic Hound group were noticed, with clues including the use of a shared Command and Control IP to distribute their malware. Researchers also noted an overlap in infrastructure with the domains used in the recent Shamoon 2 campaign, which also targeted Saudi Arabian companies.

ThreatSTOP customers are protected from Magic Hound if they have the TSCritical target enabled in their policy.

Share this:

Home Page


see all


  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter