Check out the results from our first round of ATT&CK Evaluations at attackevals.mitre.org!

MURKYTOP

MURKYTOP is a reconnaissance tool used by Leviathan. [1]

ID: S0233
Aliases: MURKYTOP
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

NameDescription
MURKYTOP[1]

Techniques Used

DomainIDNameUse
EnterpriseT1087Account Discoveryhas the capability to retrieve information about users on remote hosts.[1]
EnterpriseT1059Command-Line Interfaceuses the command-line interface.[1]
EnterpriseT1107File Deletionhas the capability to delete local files.[1]
EnterpriseT1046Network Service Scanninghas the capability to scan for open ports on hosts in a connected network.[1]
EnterpriseT1135Network Share Discoveryhas the capability to retrieve information about shares on remote hosts.[1]
EnterpriseT1069Permission Groups Discoveryhas the capability to retrieve information about groups.[1]
EnterpriseT1018Remote System Discoveryhas the capability to identify remote hosts on connected networks.[1]
EnterpriseT1053Scheduled Taskhas the capability to schedule remote AT jobs.[1]
EnterpriseT1082System Information Discoveryhas the capability to retrieve information about the OS.[1]

Groups

Groups that use this software:

Leviathan

References