Ecipekac - S0624 (292eb0c5-b8e8-4af6-9e8f-0fda6b4528d3)

Ecipekac is a multi-layer loader that has been used by menuPass since at least 2019 including use as a loader for P8RAT, SodaMaster, and FYAnti.(Citation: Securelist APT10 March 2021)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Ecipekac - S0624 (292eb0c5-b8e8-4af6-9e8f-0fda6b4528d3)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	1
Ecipekac - S0624 (292eb0c5-b8e8-4af6-9e8f-0fda6b4528d3)	Malware	DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	1
Ecipekac - S0624 (292eb0c5-b8e8-4af6-9e8f-0fda6b4528d3)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
Ecipekac - S0624 (292eb0c5-b8e8-4af6-9e8f-0fda6b4528d3)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	1
Ecipekac - S0624 (292eb0c5-b8e8-4af6-9e8f-0fda6b4528d3)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	1
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	2