Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705)

Manjusaka is a Chinese-language intrusion framework, similar to Sliver and Cobalt Strike, with an ELF binary written in GoLang as the controller for Windows and Linux implants written in Rust. First identified in 2022, Manjusaka consists of multiple components, only one of which (a command and control module) is freely available.(Citation: Talos Manjusaka 2022)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705)	Malware	1
Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705)	Malware	1
Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	1
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705)	Malware	1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705)	Malware	1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705)	Malware	1
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705)	Malware	1
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705)	Malware	1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Manjusaka - S1156 (dd2ad3d7-d7ef-4af5-a919-bfe8f2571705)	Malware	1
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2