SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)

SVCReady is a loader that has been used since at least April 2022 in malicious spam campaigns. Security researchers have noted overlaps between TA551 activity and SVCReady distribution, including similarities in file names, lure images, and identical grammatical errors.(Citation: HP SVCReady Jun 2022)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	1
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	SVCReady - S1064 (7230ded7-3b1a-4d6e-9735-d0ffd47af9f6)	Malware	1
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	2
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	2