Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)

Cannon is a Trojan with variants written in C# and Delphi. It was first observed in April 2018. (Citation: Unit42 Cannon Nov 2018)(Citation: Unit42 Sofacy Dec 2018)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) | Malware | 1 |
| Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) | Attack Pattern | Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) | Malware | 1 |
| System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) | Attack Pattern | Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) | Malware | 1 |
| File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) | Malware | 1 |
| Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) | Attack Pattern | Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) | Malware | 1 |
| Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) | Attack Pattern | Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) | Malware | 1 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) | Malware | 1 |
| Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) | Attack Pattern | Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) | Malware | 1 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) | Malware | 1 |
| System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) | Malware | 1 |
| Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) | Attack Pattern | Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | 2 |
| Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) | Attack Pattern | 2 |