SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)

SVCReady is a loader that has been used since at least April 2022 in malicious spam campaigns. Security researchers have noted overlaps between TA551 activity and SVCReady distribution, including similarities in file names, lure images, and identical grammatical errors.(Citation: HP SVCReady Jun 2022)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	1
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	1
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	1
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	2
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2