Skip to content

Hide Navigation Hide TOC

KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)

KEYMARBLE is a Trojan that has reportedly been used by the North Korean government. (Citation: US-CERT KEYMARBLE Aug 2018)

Cluster A Galaxy A Cluster B Galaxy B Level
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 1
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 1
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 1
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 1
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 1
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2