The sub-techniques beta is now live! Read the release blog post for more info.


Lurid is a malware family that has been used by several groups, including PittyTiger, in targeted attacks as far back as 2006. [1] [2]

ID: S0010
Associated Software: Enfal
Platforms: Windows
Version: 1.0
Created: 31 May 2017
Last Modified: 17 October 2018

Techniques Used

Domain ID Name Use
Enterprise T1024 Custom Cryptographic Protocol

Lurid performs XOR encryption.[2]

Enterprise T1002 Data Compressed

Lurid can compress data before sending it.[2]

Groups That Use This Software

ID Name References
G0011 PittyTiger [1]