S0167 Matryoshka

Platforms: 1 · ATT&CK: 14.1 · References: 3

Description

[Matryoshka](https://attack.mitre.org/software/S0167) is a malware framework used by [CopyKittens](https://attack.mitre.org/groups/G0052) that consists of a dropper, loader, and RAT. It has multiple versions; v1 was seen in the wild from July 2016 until January 2017. v2 has fewer commands and other minor differences. (Citation: ClearSky Wilted Tulip July 2017) (Citation: CopyKittens Nov 2015)

Platforms· 1

Windows

References

  1. https://attack.mitre.org/software/S0167
  2. http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf
  3. https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - TajMahal (Software)
  - MarkiRAT (Software)
  - TDTESS (Software)
  - DustySky (Software)
  - HELLOKITTY (Software)
  - 4H RAT (Software)

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.