SNUGRIDE

SNUGRIDE is a backdoor that has been used by menuPass as first-stage malware. [1]

ID: S0159
Aliases: SNUGRIDE
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

Name | Description
SNUGRIDE | [1]

Techniques Used

Domain | ID | Name | Use
Enterprise | T1059 | Command-Line Interface | SNUGRIDE is capable of executing commands and spawning a reverse shell.[1]
Enterprise | T1060 | Registry Run Keys / Startup Folder | SNUGRIDE establishes persistence through a Registry Run key.[1]
Enterprise | T1071 | Standard Application Layer Protocol | SNUGRIDE communicates with its C2 server over HTTP.[1]
Enterprise | T1032 | Standard Cryptographic Protocol | SNUGRIDE encrypts C2 traffic using AES with a static key.[1]

Groups

Groups that use this software:

menuPass

References