tldr - powered by Generative AI

Stealth Falcon (aka FruityArmor) is a cyber espionage group that has been targeting journalists, activists, and dissidents in the Middle East. They use spear-phishing lures to deliver custom implants capable of executing arbitrary commands. The group has been linked to Project Raven, a clandestine operation involving former U.S. intelligence operatives. They have exploited zero-day vulnerabilities in Windows and used a backdoor named Win32/StealthFalcon. Their latest addition is a backdoor called Deadglyph, which uses the Windows Registry to extract and load shellcode. The backdoor communicates with a command-and-control server and can execute various tasks, manage modules, and upload command outputs. Deadglyph employs counter-detection mechanisms and can uninstall itself to avoid detection.
  • Stealth Falcon is a cyber espionage group targeting individuals in the Middle East.
  • They use spear-phishing lures to deliver custom implants for executing commands.
  • They have been linked to Project Raven, a covert operation involving former U.S. intelligence operatives.
  • They have exploited zero-day vulnerabilities in Windows and used a backdoor named Win32/StealthFalcon.
  • Their latest addition is a backdoor called Deadglyph, which uses the Windows Registry to extract and load shellcode.
  • Deadglyph communicates with a command-and-control server and can execute tasks, manage modules, and upload command outputs.
  • It employs counter-detection mechanisms and can uninstall itself to avoid detection.
Tags:
Stealth Falcon
cyber espionage
Middle East
spear-phishing
custom implants