TRANSLATEXT - S1201 (4b72b6a7-72be-45d9-af02-fdcf0fc6d358)

TRANSLATEXT is malware that is believed to be used by Kimsuky.(Citation: Zscaler Kimsuky TRANSLATEXT) TRANSLATEXT masqueraded as a Google Translate extension for Google Chrome, but is actually a collection of four malicious Javascript files that perform defense evasion, information collection and exfiltration.(Citation: Zscaler Kimsuky TRANSLATEXT)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Browser Extensions - T1176.001 (278716b1-61ce-4a74-8d17-891d0c494101)	Attack Pattern	TRANSLATEXT - S1201 (4b72b6a7-72be-45d9-af02-fdcf0fc6d358)	Malware	1
Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff)	Attack Pattern	TRANSLATEXT - S1201 (4b72b6a7-72be-45d9-af02-fdcf0fc6d358)	Malware	1
Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c)	Attack Pattern	TRANSLATEXT - S1201 (4b72b6a7-72be-45d9-af02-fdcf0fc6d358)	Malware	1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	TRANSLATEXT - S1201 (4b72b6a7-72be-45d9-af02-fdcf0fc6d358)	Malware	1
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	TRANSLATEXT - S1201 (4b72b6a7-72be-45d9-af02-fdcf0fc6d358)	Malware	1
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	TRANSLATEXT - S1201 (4b72b6a7-72be-45d9-af02-fdcf0fc6d358)	Malware	1
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	TRANSLATEXT - S1201 (4b72b6a7-72be-45d9-af02-fdcf0fc6d358)	Malware	1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	TRANSLATEXT - S1201 (4b72b6a7-72be-45d9-af02-fdcf0fc6d358)	Malware	1
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	TRANSLATEXT - S1201 (4b72b6a7-72be-45d9-af02-fdcf0fc6d358)	Malware	1
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	TRANSLATEXT - S1201 (4b72b6a7-72be-45d9-af02-fdcf0fc6d358)	Malware	1
TRANSLATEXT - S1201 (4b72b6a7-72be-45d9-af02-fdcf0fc6d358)	Malware	Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	1
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	TRANSLATEXT - S1201 (4b72b6a7-72be-45d9-af02-fdcf0fc6d358)	Malware	1
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	TRANSLATEXT - S1201 (4b72b6a7-72be-45d9-af02-fdcf0fc6d358)	Malware	1
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	TRANSLATEXT - S1201 (4b72b6a7-72be-45d9-af02-fdcf0fc6d358)	Malware	1
TRANSLATEXT - S1201 (4b72b6a7-72be-45d9-af02-fdcf0fc6d358)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	1
Browser Extensions - T1176.001 (278716b1-61ce-4a74-8d17-891d0c494101)	Attack Pattern	Software Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	2
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	2