FlawedGrace

FlawedGrace is a fully featured remote access tool (RAT) written in C++ that was first observed in late 2017.[1]

ID: S0383
Type: MALWARE
Platforms: Windows
Version: 1.0

Techniques Used

Domain | ID | Name | Use
Enterprise | T1043 | Commonly Used Port | FlawedGrace has used port 443 for C2 communications.[1]
Enterprise | T1094 | Custom Command and Control Protocol | FlawedGrace uses a custom binary protocol for its C2 communications.[1]
Enterprise | T1027 | Obfuscated Files or Information | FlawedGrace encrypts its C2 configuration files with AES in CBC mode.[1]

Groups That Use This Software

ID | Name | References
G0092 | TA505 | [1]

References