Malware Lurid
Lurid is a malware family that has been used by several groups, including PittyTiger, in targeted attacks as far back as 2006.
Platforms : Windows
Version : 1.1
Created : 31 May 2017
Last Modified : 31 March 2020
Version : 1.1
Created : 31 May 2017
Last Modified : 31 March 2020
List of techniques used :
| id | description |
|---|---|
| T1560 | Archive Collected Data An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender. Both compression and encryption are done prior to exfiltration, and can be performed using a utility, 3rd party library, or custom method. |
| T1573.001 | Encrypted Channel: Symmetric Cryptography Adversaries may employ a known symmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Symmetric encryption algorithms use the same key for plaintext encryption and ciphertext decryption. Common symmetric encryption algorithms include AES, DES, 3DES, Blowfish, and RC4. |
List of groups using the malware :
| id | description |
|---|---|
| G0011 | PittyTiger PittyTiger is a threat group believed to operate out of China that uses multiple different types of malware to maintain command and control. |
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.