Skip to content

Hide Navigation Hide TOC

Chrommme - S0667 (579607c2-d046-40df-99ab-beb479c37a2a)

Chrommme is a backdoor tool written using the Microsoft Foundation Class (MFC) framework that was first reported in June 2021; security researchers noted infrastructure overlaps with Gelsemium malware.(Citation: ESET Gelsemium June 2021)

Cluster A Galaxy A Cluster B Galaxy B Level
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Chrommme - S0667 (579607c2-d046-40df-99ab-beb479c37a2a) Malware 1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Chrommme - S0667 (579607c2-d046-40df-99ab-beb479c37a2a) Malware 1
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Chrommme - S0667 (579607c2-d046-40df-99ab-beb479c37a2a) Malware 1
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern Chrommme - S0667 (579607c2-d046-40df-99ab-beb479c37a2a) Malware 1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Chrommme - S0667 (579607c2-d046-40df-99ab-beb479c37a2a) Malware 1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Chrommme - S0667 (579607c2-d046-40df-99ab-beb479c37a2a) Malware 1
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Chrommme - S0667 (579607c2-d046-40df-99ab-beb479c37a2a) Malware 1
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Chrommme - S0667 (579607c2-d046-40df-99ab-beb479c37a2a) Malware 1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Chrommme - S0667 (579607c2-d046-40df-99ab-beb479c37a2a) Malware 1
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Chrommme - S0667 (579607c2-d046-40df-99ab-beb479c37a2a) Malware 1
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Chrommme - S0667 (579607c2-d046-40df-99ab-beb479c37a2a) Malware 1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Chrommme - S0667 (579607c2-d046-40df-99ab-beb479c37a2a) Malware 1
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Chrommme - S0667 (579607c2-d046-40df-99ab-beb479c37a2a) Malware 1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 2