Skip to content

Hide Navigation Hide TOC

T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)

T9000 is a backdoor that is a newer variant of the T5000 malware family, also known as Plat1. Its primary function is to gather information about the victim. It has been used in multiple targeted attacks against U.S.-based organizations. (Citation: FireEye admin@338 March 2014) (Citation: Palo Alto T9000 Feb 2016)

Cluster A Galaxy A Cluster B Galaxy B Level
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 1
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) Attack Pattern T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3) Malware 1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 1
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3) Malware 1
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3) Malware 1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3) Malware DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern 1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3) Malware T9000 (66575fb4-7f92-42d8-8c47-e68a26413081) Tool 1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3) Malware Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 1
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3) Malware 1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 1
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern 2