MURKYTOP

MURKYTOP is a reconnaissance tool used by Leviathan. [1]

ID: S0233
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

DomainIDNameUse
EnterpriseT1087Account DiscoveryMURKYTOP has the capability to retrieve information about users on remote hosts.[1]
EnterpriseT1059Command-Line InterfaceMURKYTOP uses the command-line interface.[1]
EnterpriseT1107File DeletionMURKYTOP has the capability to delete local files.[1]
EnterpriseT1046Network Service ScanningMURKYTOP has the capability to scan for open ports on hosts in a connected network.[1]
EnterpriseT1135Network Share DiscoveryMURKYTOP has the capability to retrieve information about shares on remote hosts.[1]
EnterpriseT1069Permission Groups DiscoveryMURKYTOP has the capability to retrieve information about groups.[1]
EnterpriseT1018Remote System DiscoveryMURKYTOP has the capability to identify remote hosts on connected networks.[1]
EnterpriseT1053Scheduled TaskMURKYTOP has the capability to schedule remote AT jobs.[1]
EnterpriseT1082System Information DiscoveryMURKYTOP has the capability to retrieve information about the OS.[1]

Groups

Groups that use this software:

Leviathan

References