T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)

T9000 is a backdoor that is a newer variant of the T5000 malware family, also known as Plat1. Its primary function is to gather information about the victim. It has been used in multiple targeted attacks against U.S.-based organizations. (Citation: FireEye admin@338 March 2014) (Citation: Palo Alto T9000 Feb 2016)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	1
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	1
T9000 (66575fb4-7f92-42d8-8c47-e68a26413081)	Tool	T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	1
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	1
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	1
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	1
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd)	Attack Pattern	T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	1
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	1
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	2
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2