Skip to content

S0233 MURKYTOP

MURKYTOP is a reconnaissance tool used by Leviathan. 1

Item Value
ID S0233
Associated Names
Type MALWARE
Version 1.1
Created 18 April 2018
Last Modified 30 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1087 Account Discovery -
enterprise T1087.001 Local Account MURKYTOP has the capability to retrieve information about users on remote hosts.1
enterprise T1059 Command and Scripting Interpreter -
enterprise T1059.003 Windows Command Shell MURKYTOP uses the command-line interface.1
enterprise T1070 Indicator Removal -
enterprise T1070.004 File Deletion MURKYTOP has the capability to delete local files.1
enterprise T1046 Network Service Discovery MURKYTOP has the capability to scan for open ports on hosts in a connected network.1
enterprise T1135 Network Share Discovery MURKYTOP has the capability to retrieve information about shares on remote hosts.1
enterprise T1069 Permission Groups Discovery MURKYTOP has the capability to retrieve information about groups.1
enterprise T1018 Remote System Discovery MURKYTOP has the capability to identify remote hosts on connected networks.1
enterprise T1053 Scheduled Task/Job -
enterprise T1053.002 At MURKYTOP has the capability to schedule remote AT jobs.1
enterprise T1082 System Information Discovery MURKYTOP has the capability to retrieve information about the OS.1

Groups That Use This Software

ID Name References
G0065 Leviathan 12

References

  1. FireEye. (2018, March 16). Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries. Retrieved April 11, 2018. 

  2. CISA. (2021, July 19). (AA21-200A) Joint Cybersecurity Advisory – Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department. Retrieved August 12, 2021.