S0383 FlawedGrace
FlawedGrace is a fully featured remote access tool (RAT) written in C++ that was first observed in late 2017.1
| Item | Value |
|---|---|
| ID | S0383 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 29 May 2019 |
| Last Modified | 07 June 2019 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1027 | Obfuscated Files or Information | FlawedGrace encrypts its C2 configuration files with AES in CBC mode.1 |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0092 | TA505 | 123 |
References
-
Schwarz, D. and Proofpoint Staff. (2019, January 9). ServHelper and FlawedGrace - New malware introduced by TA505. Retrieved May 28, 2019. ↩↩↩
-
Hiroaki, H. and Lu, L. (2019, June 12). Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns. Retrieved May 29, 2020. ↩
-
Schwarz, D. et al. (2019, October 16). TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader. Retrieved May 29, 2020. ↩