Hide Navigation Hide TOC

HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)

HAMMERTOSS is a backdoor that was used by APT29 in 2015. (Citation: FireEye APT29) (Citation: F-Secure The Dukes)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	1
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	1
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	1
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8)	Attack Pattern	1
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	1
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	1
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8)	Attack Pattern	2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	2
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	2