Skip to content

Hide Navigation Hide TOC

Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705)

Manjusaka is a Chinese-language intrusion framework, similar to Sliver and Cobalt Strike, with an ELF binary written in GoLang as the controller for Windows and Linux implants written in Rust. First identified in 2022, Manjusaka consists of multiple components, only one of which (a command and control module) is freely available.(Citation: Talos Manjusaka 2022)

Cluster A Galaxy A Cluster B Galaxy B Level
Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 1
Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 1
Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 1
Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 1
Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 1
Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1
Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705) Malware Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 1
Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 1
Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 1
Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 1
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2