Matryoshka

Malware & Tools · Matryoshka

· MalwareS0167 · Zararlı Yazılım

Type

malware

Techniques

Used By

1 groups

Platforms

Windows

Description

Matryoshka is a malware framework used by CopyKittens that consists of a dropper, loader, and RAT. It has multiple versions; v1 was seen in the wild from July 2016 until January 2017. v2 has fewer commands and other minor differences. (Citation: ClearSky Wilted Tulip July 2017) (Citation: CopyKittens Nov 2015)

Tactic Coverage

stealth (3)privilege escalation (3)execution (2)persistence (2)collection (2)credential access (2)command and control (1)

Used By (1 groups)

G0052CopyKittens

Techniques (10)

T1027Obfuscated Files or Information

stealth

T1053.005Scheduled Task

executionpersistence

T1055.001Dynamic-link Library Injection

stealthprivilege escalation

T1056.001Keylogging

collectioncredential access

T1059Command and Scripting Interpreter

execution

T1071.004DNS

References

https://attack.mitre.org/software/S0167 http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf https://cdn2.hubspot.net/hubfs/1903456/Whitepapers/CopyKittens.pdf