Skip to content

Hide Navigation Hide TOC

TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)

TYPEFRAME is a remote access tool that has been used by Lazarus Group. (Citation: US-CERT TYPEFRAME June 2018)

Cluster A Galaxy A Cluster B Galaxy B Level
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 1
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 1
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 1
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 1
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 1
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 1
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2