Skip to content

Hide Navigation Hide TOC

Pandora - S0664 (a545456a-f9a7-47ad-9ea6-8b017def38d1)

Pandora is a multistage kernel rootkit with backdoor functionality that has been in use by Threat Group-3390 since at least 2020.(Citation: Trend Micro Iron Tiger April 2021)

Cluster A Galaxy A Cluster B Galaxy B Level
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Pandora - S0664 (a545456a-f9a7-47ad-9ea6-8b017def38d1) Malware 1
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Pandora - S0664 (a545456a-f9a7-47ad-9ea6-8b017def38d1) Malware 1
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Pandora - S0664 (a545456a-f9a7-47ad-9ea6-8b017def38d1) Malware 1
Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c) Attack Pattern Pandora - S0664 (a545456a-f9a7-47ad-9ea6-8b017def38d1) Malware 1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Pandora - S0664 (a545456a-f9a7-47ad-9ea6-8b017def38d1) Malware 1
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Pandora - S0664 (a545456a-f9a7-47ad-9ea6-8b017def38d1) Malware 1
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Pandora - S0664 (a545456a-f9a7-47ad-9ea6-8b017def38d1) Malware 1
Pandora - S0664 (a545456a-f9a7-47ad-9ea6-8b017def38d1) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Pandora - S0664 (a545456a-f9a7-47ad-9ea6-8b017def38d1) Malware 1
Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c) Attack Pattern Pandora - S0664 (a545456a-f9a7-47ad-9ea6-8b017def38d1) Malware 1
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern Pandora - S0664 (a545456a-f9a7-47ad-9ea6-8b017def38d1) Malware 1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Pandora - S0664 (a545456a-f9a7-47ad-9ea6-8b017def38d1) Malware 1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Pandora - S0664 (a545456a-f9a7-47ad-9ea6-8b017def38d1) Malware 1
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 2
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2