Dvmap - S0420 (22b596a6-d288-4409-8520-5f2846f85514)

Dvmap is rooting malware that injects malicious code into system runtime libraries. It is credited with being the first malware that performs this type of code injection. (Citation: SecureList DVMap June 2017)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Dvmap - S0420 (22b596a6-d288-4409-8520-5f2846f85514) | Malware | System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) | Attack Pattern | 1 |
| Dvmap - S0420 (22b596a6-d288-4409-8520-5f2846f85514) | Malware | Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) | Attack Pattern | 1 |
| Dvmap - S0420 (22b596a6-d288-4409-8520-5f2846f85514) | Malware | Code Signing Policy Modification - T1632.001 (fcb11f06-ce0e-490b-bcc1-04a1623579f0) | Attack Pattern | 1 |
| System Runtime API Hijacking - T1625.001 (c6e17ca2-08b5-4379-9786-89bd05241831) | Attack Pattern | Dvmap - S0420 (22b596a6-d288-4409-8520-5f2846f85514) | Malware | 1 |
| Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) | Attack Pattern | Dvmap - S0420 (22b596a6-d288-4409-8520-5f2846f85514) | Malware | 1 |
| Dvmap - S0420 (22b596a6-d288-4409-8520-5f2846f85514) | Malware | Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172) | Attack Pattern | 1 |
| Dvmap - S0420 (22b596a6-d288-4409-8520-5f2846f85514) | Malware | Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) | Attack Pattern | 1 |
| Subvert Trust Controls - T1632 (79cb02f4-ac4e-4335-8b51-425c9573cce1) | Attack Pattern | Code Signing Policy Modification - T1632.001 (fcb11f06-ce0e-490b-bcc1-04a1623579f0) | Attack Pattern | 2 |
| System Runtime API Hijacking - T1625.001 (c6e17ca2-08b5-4379-9786-89bd05241831) | Attack Pattern | Hijack Execution Flow - T1625 (670a4d75-103b-4b14-8a9e-4652fa795edd) | Attack Pattern | 2 |
| Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) | Attack Pattern | Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) | Attack Pattern | 2 |