S0594 Out1
Out1 is a remote access tool written in Python and used by MuddyWater since at least 2021.[1]
Item | Value |
---|---|
ID | S0594 |
Associated Names | |
Type | TOOL |
Version | 1.0 |
Created | 19 March 2021 |
Last Modified | 26 April 2021 |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
enterprise | T1071 | Application Layer Protocol | - |
enterprise | T1071.001 | Web Protocols | Out1 can use HTTP and HTTPS in communications with remote hosts.[1] |
enterprise | T1059 | Command and Scripting Interpreter | - |
enterprise | T1059.003 | Windows Command Shell | Out1 can use native command line for execution.[1] |
enterprise | T1005 | Data from Local System | Out1 can copy files and Registry data from compromised hosts.[1] |
enterprise | T1114 | Email Collection | - |
enterprise | T1114.001 | Local Email Collection | Out1 can parse e-mails on a target machine.[1] |
enterprise | T1027 | Obfuscated Files or Information | Out1 has the ability to encode data.[1] |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0069 | MuddyWater | [1] |