Skip to content


SNUGRIDE is a backdoor that has been used by menuPass as first stage malware. 1

Item Value
ID S0159
Associated Names
Version 1.1
Created 14 December 2017
Last Modified 30 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1071 Application Layer Protocol -
enterprise T1071.001 Web Protocols SNUGRIDE communicates with its C2 server over HTTP.1
enterprise T1547 Boot or Logon Autostart Execution -
enterprise T1547.001 Registry Run Keys / Startup Folder SNUGRIDE establishes persistence through a Registry Run key.1
enterprise T1059 Command and Scripting Interpreter -
enterprise T1059.003 Windows Command Shell SNUGRIDE is capable of executing commands and spawning a reverse shell.1
enterprise T1573 Encrypted Channel -
enterprise T1573.001 Symmetric Cryptography SNUGRIDE encrypts C2 traffic using AES with a static key.1

Groups That Use This Software

ID Name References
G0045 menuPass 1


Back to top