| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | Several tools used by Suckfly have been command-line driven.[2] |
| Enterprise | T1046 | Network Service Discovery | Suckfly scanned the victim's internal network for hosts with ports 8080, 5900, and 40 open.[2] |
| Enterprise | T1003 | OS Credential Dumping | Suckfly used a signed credential-dumping tool to obtain victim account credentials.[2] |
| Enterprise | T1553.002 | Subvert Trust Controls: Code Signing | Suckfly has used stolen certificates to sign its malware.[1] |
| Enterprise | T1078 | Valid Accounts | Suckfly used legitimate account credentials that they dumped to navigate the internal victim network as though they were the legitimate account owner.[2] |

| ID | Name | References | Techniques |
|---|---|---|---|
| S0118 | Nidiran | [1][2] | Create or Modify System Process: Windows Service, Ingress Tool Transfer, Masquerading: Masquerade Task or Service |