Check out the results from our first round of ATT&CK Evaluations at attackevals.mitre.org!

Epic

Epic is a backdoor that has been used by Turla. [1]

ID: S0091
Aliases: Epic, Tavdig, Wipbot, WorldCupSec, TadjMakhal
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

DomainIDNameUse
EnterpriseT1116Code SigningTurla has used valid digital certificates from Sysprint AG to sign its Epic dropper.[1]
EnterpriseT1071Standard Application Layer ProtocolEpic implements a command and control protocol over HTTP.[1]

Groups

Groups that use this software:

Turla

References