Skip to content

Hide Navigation Hide TOC

LitePower - S0680 (9020f5c7-efde-4125-a4f1-1b70f1274ddd)

LitePower is a downloader and second stage malware that has been used by WIRTE since at least 2021.(Citation: Kaspersky WIRTE November 2021)

Cluster A Galaxy A Cluster B Galaxy B Level
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern LitePower - S0680 (9020f5c7-efde-4125-a4f1-1b70f1274ddd) Malware 1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern LitePower - S0680 (9020f5c7-efde-4125-a4f1-1b70f1274ddd) Malware 1
LitePower - S0680 (9020f5c7-efde-4125-a4f1-1b70f1274ddd) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 1
LitePower - S0680 (9020f5c7-efde-4125-a4f1-1b70f1274ddd) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern LitePower - S0680 (9020f5c7-efde-4125-a4f1-1b70f1274ddd) Malware 1
LitePower - S0680 (9020f5c7-efde-4125-a4f1-1b70f1274ddd) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 1
LitePower - S0680 (9020f5c7-efde-4125-a4f1-1b70f1274ddd) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 1
LitePower - S0680 (9020f5c7-efde-4125-a4f1-1b70f1274ddd) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 1
LitePower - S0680 (9020f5c7-efde-4125-a4f1-1b70f1274ddd) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern LitePower - S0680 (9020f5c7-efde-4125-a4f1-1b70f1274ddd) Malware 1
LitePower - S0680 (9020f5c7-efde-4125-a4f1-1b70f1274ddd) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2