QUIETCANARY - S1076 (93289ecf-4d15-4d6b-a9c3-4ab27e145ef4)

QUIETCANARY is a backdoor tool written in .NET that has been used since at least 2022 to gather and exfiltrate data from victim networks.(Citation: Mandiant Suspected Turla Campaign February 2023)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) | Attack Pattern | QUIETCANARY - S1076 (93289ecf-4d15-4d6b-a9c3-4ab27e145ef4) | Malware | 1 |
| Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | QUIETCANARY - S1076 (93289ecf-4d15-4d6b-a9c3-4ab27e145ef4) | Malware | 1 |
| Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | QUIETCANARY - S1076 (93289ecf-4d15-4d6b-a9c3-4ab27e145ef4) | Malware | 1 |
| QUIETCANARY - S1076 (93289ecf-4d15-4d6b-a9c3-4ab27e145ef4) | Malware | Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) | Attack Pattern | 1 |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | QUIETCANARY - S1076 (93289ecf-4d15-4d6b-a9c3-4ab27e145ef4) | Malware | 1 |
| QUIETCANARY - S1076 (93289ecf-4d15-4d6b-a9c3-4ab27e145ef4) | Malware | Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) | Attack Pattern | 1 |
| QUIETCANARY - S1076 (93289ecf-4d15-4d6b-a9c3-4ab27e145ef4) | Malware | Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) | Attack Pattern | 1 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | QUIETCANARY - S1076 (93289ecf-4d15-4d6b-a9c3-4ab27e145ef4) | Malware | 1 |
| QUIETCANARY - S1076 (93289ecf-4d15-4d6b-a9c3-4ab27e145ef4) | Malware | Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) | Attack Pattern | 1 |
| Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) | Attack Pattern | 2 |
| Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) | Attack Pattern | Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) | Attack Pattern | 2 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | 2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) | Attack Pattern | 2 |