Suckfly

Suckfly is a China-based threat group that has been active since at least 2014. [1]

ID: G0039
Aliases: Suckfly
Version: 1.0

Alias Descriptions

Name    | Description
Suckfly | [1] [2]

Techniques Used

Domain     | ID    | Name                     | Use
Enterprise | T1116 | Code Signing             | Suckfly has used stolen certificates to sign its malware. [1]
Enterprise | T1059 | Command-Line Interface   | Several tools used by Suckfly have been command-line driven. [2]
Enterprise | T1003 | Credential Dumping       | Suckfly used a signed credential-dumping tool to obtain victim account credentials. [2]
Enterprise | T1046 | Network Service Scanning | Suckfly scanned the victim's internal network for hosts with ports 8080, 5900, and 40 open. [2]
Enterprise | T1078 | Valid Accounts           | Suckfly used legitimate account credentials that they dumped to move through the internal victim network as though they were the legitimate account owner. [2]
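The T1046 entry above is the one row in this table that a defender can turn directly into a detection: one internal host touching many other internal hosts on 8080, 5900 and 40 in a short window. The following is an added example, not part of the ATT&CK page or any Suckfly report: it parses a constructed, space-separated connection log (timestamp, source, destination, destination port; a stand-in for firewall or NetFlow records) and flags any source that contacts at least `min_hosts` distinct destinations on those ports within `window_seconds`. The log lines, the host addresses, the thresholds and the function names are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Ports named in the Suckfly T1046 entry (HTTP alternate, VNC, and 40).
SWEEP_PORTS = {8080, 5900, 40}

# Constructed sample log, not real traffic. Fields: timestamp src dst dport.
# 10.1.1.5 sweeps seven hosts on the sweep ports within a few seconds,
# 10.1.1.9 talks to a single host twice (normal), and 10.1.1.7 touches
# six hosts on 443 (many hosts, but not on the sweep ports).
SAMPLE_LOG = """\
2016-03-01T10:00:01 10.1.1.5 10.1.2.10 8080
2016-03-01T10:00:01 10.1.1.5 10.1.2.10 5900
2016-03-01T10:00:02 10.1.1.5 10.1.2.11 8080
2016-03-01T10:00:02 10.1.1.5 10.1.2.11 5900
2016-03-01T10:00:03 10.1.1.5 10.1.2.12 40
2016-03-01T10:00:03 10.1.1.5 10.1.2.13 8080
2016-03-01T10:00:04 10.1.1.5 10.1.2.14 5900
2016-03-01T10:00:05 10.1.1.5 10.1.2.15 8080
2016-03-01T10:00:06 10.1.1.5 10.1.2.16 40
2016-03-01T10:00:07 10.1.1.9 10.1.2.10 8080
2016-03-01T10:05:00 10.1.1.9 10.1.2.10 8080
2016-03-01T10:00:08 10.1.1.7 10.1.2.20 443
2016-03-01T10:00:09 10.1.1.7 10.1.2.21 443
2016-03-01T10:00:10 10.1.1.7 10.1.2.22 443
2016-03-01T10:00:11 10.1.1.7 10.1.2.23 443
2016-03-01T10:00:12 10.1.1.7 10.1.2.24 443
2016-03-01T10:00:13 10.1.1.7 10.1.2.25 443
"""


def parse_log(text):
    """Parse 'timestamp src dst dport' lines into (datetime, src, dst, int) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return records


def detect_sweeps(records, ports=SWEEP_PORTS, min_hosts=5, window_seconds=60):
    """Return {src: set_of_dsts} for every source that reached at least
    min_hosts distinct destinations on the given ports inside any
    window_seconds-long window. Connections to other ports are ignored."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in records:
        if dport in ports:
            by_src[src].append((ts, dst))

    alerts = {}
    for src, events in by_src.items():
        events.sort()  # chronological; tuples sort by timestamp first
        best = set()
        # Sliding window anchored at each event: collect destinations until
        # the window expires, keep the largest set seen for this source.
        for i, (start, _) in enumerate(events):
            hosts = set()
            for ts, dst in events[i:]:
                if (ts - start).total_seconds() > window_seconds:
                    break
                hosts.add(dst)
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    for src, hosts in detect_sweeps(parse_log(SAMPLE_LOG)).items():
        print(f"possible T1046 sweep from {src}: {len(hosts)} hosts on {sorted(SWEEP_PORTS)}")
```

On the constructed log only 10.1.1.5 is reported. Two caveats for real use: legitimate vulnerability scanners and monitoring systems sweep these same ports and must be allow-listed by source address, and the thresholds (`min_hosts`, `window_seconds`) have to be tuned per network, since a slow sweep spread over hours will slide under a 60-second window and needs a longer one.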

Software

ID    | Name    | Techniques
S0118 | Nidiran | Commonly Used Port, Masquerading, New Service, Remote File Copy, Standard Cryptographic Protocol

References