Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)

Imminent Monitor was a commodity remote access tool (RAT) offered for sale from 2012 until 2019, when an operation was conducted to take down the Imminent Monitor infrastructure. Various cracked versions and variations of this RAT are still in circulation.(Citation: Imminent Unit42 Dec2019)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	1
Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	1
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	1
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	1
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	1
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	1
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	1
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	1
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	1
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	1
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	1
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	1
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	1
Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99)	Attack Pattern	Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783)	Attack Pattern	2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	2