MOPSLED

Malware & Tools · MOPSLED

· MalwareS1221 · Zararlı Yazılım

Type

malware

Techniques

Used By

2 groups

Platforms

Linux

Description

MOPSLED is a shellcode-based modular backdoor that has been used by China-nexus cyber espionage actors including UNC3886 and APT41.(Citation: Google Cloud Mandiant UNC3886 2024)

Tactic Coverage

command and control (4)stealth (2)

Used By (2 groups)

G0096APT41Wicked Panda, Brass Typhoon G1048UNC3886

Techniques (6)

T1027.013Encrypted/Encoded File

stealth

T1071.001Web Protocols

command and control

T1095Non-Application Layer Protocol

command and control

T1102Web Service

command and control

T1102.001Dead Drop Resolver

command and control

T1140Deobfuscate/Decode Files or Information

stealth

References

https://attack.mitre.org/software/S1221 https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations