Skip to content

Hide Navigation Hide TOC

Sowbug (1ca3b039-404e-4132-88c2-4e41235cd2f5)

Sowbug has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign policy institutions and diplomatic targets. Sowbug has been seen mounting classic espionage attacks by stealing documents from the organizations it infiltrates.

Cluster A Galaxy A Cluster B Galaxy B Level
Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) Intrusion Set Sowbug (1ca3b039-404e-4132-88c2-4e41235cd2f5) Threat Actor 1
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) Intrusion Set 2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) Intrusion Set 2
Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) Intrusion Set 2
Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) Intrusion Set Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) Intrusion Set Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 2
Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) Intrusion Set Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) Malware 2
Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) Intrusion Set Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c) Attack Pattern 2
Starloader - S0188 (96566860-9f11-4b6f-964d-1c924e4f24a4) Malware Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) Intrusion Set 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) Intrusion Set 2
Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) Intrusion Set File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) Malware 3
Felismus (07a41ea7-17b2-4852-bfd7-54211c477dc0) Malpedia Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) Malware 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) Malware 3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) Malware 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) Malware 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) Malware 3
Starloader - S0188 (96566860-9f11-4b6f-964d-1c924e4f24a4) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Starloader - S0188 (96566860-9f11-4b6f-964d-1c924e4f24a4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4