Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)

Imminent Monitor was a commodity remote access tool (RAT) offered for sale from 2012 until 2019, when an operation was conducted to take down the Imminent Monitor infrastructure. Various cracked versions and variations of this RAT are still in circulation.(Citation: Imminent Unit42 Dec2019)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) | mitre-tool | 1 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) | mitre-tool | 1 |
| Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) | mitre-tool | 1 |
| Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) | Attack Pattern | Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) | mitre-tool | 1 |
| Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) | mitre-tool | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 1 |
| Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) | Attack Pattern | Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) | mitre-tool | 1 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) | Attack Pattern | Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) | mitre-tool | 1 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) | mitre-tool | 1 |
| Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) | mitre-tool | Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) | Attack Pattern | 1 |
| Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) | mitre-tool | 1 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) | mitre-tool | 1 |
| Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) | Attack Pattern | Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) | mitre-tool | 1 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) | mitre-tool | 1 |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) | mitre-tool | 1 |
| Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) | mitre-tool | Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) | Attack Pattern | 1 |
| Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) | Attack Pattern | Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) | mitre-tool | 1 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | 2 |
| Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) | Attack Pattern | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 2 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) | Attack Pattern | Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) | Attack Pattern | 2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) | Attack Pattern | 2 |
| Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | 2 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | 2 |
| Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783) | Attack Pattern | Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) | Attack Pattern | 2 |