RedLeaves

Malware & Tools · RedLeaves

· MalwareS0153 · Zararlı Yazılım

Type

malware

Techniques

Used By

1 groups

Platforms

Windows

Description

RedLeaves is a malware family used by menuPass. The code overlaps with PlugX and may be based upon the open source tool Trochilus. (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: FireEye APT10 April 2017)

Tactic Coverage

discovery (5)command and control (4)stealth (3)execution (2)persistence (2)privilege escalation (2)collection (1)credential access (1)

Used By (1 groups)

G0045menuPassCicada, POTASSIUM

Techniques (17)

T1016System Network Configuration Discovery

discovery

T1027.013Encrypted/Encoded File

stealth

T1033System Owner/User Discovery

discovery

T1049System Network Connections Discovery

discovery

T1059.003Windows Command Shell

execution

T1070.004File Deletion

stealth

T1071.001Web Protocols

References

https://attack.mitre.org/software/S0153 https://x.com/ItsReallyNick/status/850105140589633536 https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html https://www.pwc.co.uk/cyber-security/pdf/pwc-uk-operation-cloud-hopper-technical-annex-april-2017.pdf