Hide Navigation Hide TOC

SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)

SVCReady is a loader that has been used since at least April 2022 in malicious spam campaigns. Security researchers have noted overlaps between TA551 activity and SVCReady distribution, including similarities in file names, lure images, and identical grammatical errors.(Citation: HP SVCReady Jun 2022)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	1
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	1
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	1
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	1
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	2
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	2