T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)

T9000 is a backdoor that is a newer variant of the T5000 malware family, also known as Plat1. Its primary function is to gather information about the victim. It has been used in multiple targeted attacks against U.S.-based organizations. (Citation: FireEye admin@338 March 2014) (Citation: Palo Alto T9000 Feb 2016)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd)	Attack Pattern	1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	1
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	1
T9000 (66575fb4-7f92-42d8-8c47-e68a26413081)	Tool	T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	1
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	1
T9000 - S0098 (876f6a77-fbc5-4e13-ab1a-5611986730a3)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	1
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd)	Attack Pattern	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2