SNUGRIDE

SNUGRIDE is a backdoor that has been used by menuPass as first stage malware. [1]

ID: S0159
Type: MALWARE
Platforms: Windows
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1059 Command-Line Interface SNUGRIDE is capable of executing commands and spawning a reverse shell.[1]
Enterprise T1060 Registry Run Keys / Startup Folder SNUGRIDE establishes persistence through a Registry Run key.[1]
Enterprise T1071 Standard Application Layer Protocol SNUGRIDE communicates with its C2 server over HTTP.[1]
Enterprise T1032 Standard Cryptographic Protocol SNUGRIDE encrypts C2 traffic using AES with a static key.[1]

Groups

Groups that use this software:

menuPass

References