BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)

BACKSPACE is a backdoor used by APT30 that dates back to at least 2005. (Citation: FireEye APT30)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) | Attack Pattern | BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | 1 |
| BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) | Attack Pattern | 1 |
| BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 1 |
| BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | 1 |
| BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) | Attack Pattern | 1 |
| BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde) | Tool | 1 |
| BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 1 |
| BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | 1 |
| BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 1 |
| BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) | Attack Pattern | 1 |
| Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) | Attack Pattern | BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | 1 |
| BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | 1 |
| BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | 1 |
| BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) | Attack Pattern | 1 |
| BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) | Attack Pattern | 1 |
| Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) | Attack Pattern | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 2 |
| Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) | Attack Pattern | Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) | Attack Pattern | 2 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | 2 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) | Attack Pattern | 2 |
| Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde) | Tool | backspace (23398248-a52a-4a7c-af10-262822d33a4e) | Malpedia | 2 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 2 |
| Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) | Attack Pattern | Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) | Attack Pattern | 2 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | 2 |