Malware Lurid

Lurid is a malware family that has been used by several groups, including PittyTiger, in targeted attacks as far back as 2006.


List of techniques used :


id description
T1560 Archive Collected Data
An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender. Both compression and encryption are done prior to exfiltration, and can be performed using a utility, 3rd party library, or custom method.
T1573.001 Encrypted Channel: Symmetric Cryptography
Adversaries may employ a known symmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Symmetric encryption algorithms use the same key for plaintext encryption and ciphertext decryption. Common symmetric encryption algorithms include AES, DES, 3DES, Blowfish, and RC4.

List of groups using the malware :


id description
G0011 PittyTiger
PittyTiger is a threat group believed to operate out of China that uses multiple different types of malware to maintain command and control.

© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.