Skip to content

Hide Navigation Hide TOC

BOLDMOVE - S1184 (325fa466-4a2a-45a0-acc6-f6bed9b45ebe)

BOLDMOVE is a type of backdoor malware written in C linked to People’s Republic of China operations from 2022 through 2023. BOLDMOVE includes both Windows and Linux variants, with some Linux variants specifically designed for FortiGate Firewall devices. BOLDMOVE is linked to zero-day exploitation of CVE-2022-42475 in FortiOSS SSL-VPNs.(Citation: Google Cloud BOLDMOVE 2023) The record for BOLDMOVE only covers known Linux variants.

Cluster A Galaxy A Cluster B Galaxy B Level
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern BOLDMOVE - S1184 (325fa466-4a2a-45a0-acc6-f6bed9b45ebe) Malware 1
BOLDMOVE - S1184 (325fa466-4a2a-45a0-acc6-f6bed9b45ebe) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1
Compromise Host Software Binary - T1554 (960c3c86-1480-4d72-b4e0-8c242e84a5c5) Attack Pattern BOLDMOVE - S1184 (325fa466-4a2a-45a0-acc6-f6bed9b45ebe) Malware 1
BOLDMOVE - S1184 (325fa466-4a2a-45a0-acc6-f6bed9b45ebe) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 1
BOLDMOVE - S1184 (325fa466-4a2a-45a0-acc6-f6bed9b45ebe) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 1
BOLDMOVE - S1184 (325fa466-4a2a-45a0-acc6-f6bed9b45ebe) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 1
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern BOLDMOVE - S1184 (325fa466-4a2a-45a0-acc6-f6bed9b45ebe) Malware 1
BOLDMOVE - S1184 (325fa466-4a2a-45a0-acc6-f6bed9b45ebe) Malware Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern 1
BOLDMOVE - S1184 (325fa466-4a2a-45a0-acc6-f6bed9b45ebe) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 1
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern BOLDMOVE - S1184 (325fa466-4a2a-45a0-acc6-f6bed9b45ebe) Malware 1
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern BOLDMOVE - S1184 (325fa466-4a2a-45a0-acc6-f6bed9b45ebe) Malware 1
BOLDMOVE - S1184 (325fa466-4a2a-45a0-acc6-f6bed9b45ebe) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 1
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern BOLDMOVE - S1184 (325fa466-4a2a-45a0-acc6-f6bed9b45ebe) Malware 1
BOLDMOVE - S1184 (325fa466-4a2a-45a0-acc6-f6bed9b45ebe) Malware Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b) Attack Pattern 1
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b) Attack Pattern 2