Skip to content

Hide Navigation Hide TOC

SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)

SslMM is a full-featured backdoor used by Naikon that has multiple variants. (Citation: Baumgartner Naikon 2015)

Cluster A Galaxy A Cluster B Galaxy B Level
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 1
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 1
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 1
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 1
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 1
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 1
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 1
SslMM (009db412-762d-4256-8df9-eb213be01ffd) Malpedia SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2