Sowbug (1ca3b039-404e-4132-88c2-4e41235cd2f5)

Sowbug has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign policy institutions and diplomatic targets. Sowbug has been seen mounting classic espionage attacks by stealing documents from the organizations it infiltrates.

Cluster A | Galaxy A | Cluster B | Galaxy B | Level
Sowbug (1ca3b039-404e-4132-88c2-4e41235cd2f5) | Threat Actor | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 2
Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) | Attack Pattern | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 2
Starloader - S0188 (96566860-9f11-4b6f-964d-1c924e4f24a4) | Malware | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 2
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) | Attack Pattern | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 2
Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) | Malware | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 2
Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c) | Attack Pattern | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 3
Starloader - S0188 (96566860-9f11-4b6f-964d-1c924e4f24a4) | Malware | Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | 3
Starloader - S0188 (96566860-9f11-4b6f-964d-1c924e4f24a4) | Malware | Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) | Attack Pattern | Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) | Attack Pattern | Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) | Attack Pattern | 3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | 3
Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) | Malware | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 3
Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) | Malware | Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) | Attack Pattern | 3
Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) | Malware | System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | 3
Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) | Malware | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 3
Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) | Malware | Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | 3
Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) | Malware | Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | 3
Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) | Malware | Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | 3
Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) | Malware | Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | 3
Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) | Malware | Felismus (07a41ea7-17b2-4852-bfd7-54211c477dc0) | Malpedia | 3
Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) | Malware | Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | 3
Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) | Malware | System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) | Attack Pattern | 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) | Attack Pattern | Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) | Attack Pattern | 4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | 4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) | Attack Pattern | Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) | Attack Pattern | 4
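The relationship table above is the flattened form of a small graph: the Threat Actor cluster, the ATT&CK intrusion set it maps to, the two malware families, and the techniques attached to each, with the Level column recording the expansion round in which a relationship was reached. The Python below is an added example, not code from this page, from MISP or from ATT&CK. It embeds a subset of the rows copied from the table, parses the cell format `<name>[ - <ATT&CK id>] (<uuid>)` and the pipe-separated row layout (both assumptions about this page's rendering, not a MISP API), builds the graph, computes hop distance from the Threat Actor node, and reports which actor or malware each technique is tied to, with sub-techniques rolled up to their parent by ID prefix so the result can feed an ATT&CK coverage check.

```python
import re
from collections import defaultdict, deque

# Rows copied from the relationship table above, in the order
# Cluster A | Galaxy A | Cluster B | Galaxy B | Level. Only a subset of the
# table is embedded here so the example stays short.
ROWS = """\
Sowbug (1ca3b039-404e-4132-88c2-4e41235cd2f5) | Threat Actor | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 2
Starloader - S0188 (96566860-9f11-4b6f-964d-1c924e4f24a4) | Malware | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) | Attack Pattern | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 2
Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) | Malware | Sowbug - G0054 (d1acfbb3-647b-4723-9154-800ec119006e) | Intrusion Set | 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 3
Starloader - S0188 (96566860-9f11-4b6f-964d-1c924e4f24a4) | Malware | Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | 3
Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) | Malware | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 3
Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) | Malware | Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | 3
Felismus - S0171 (196f1f32-e0c2-4d46-99cd-234d4b6befe1) | Malware | Felismus (07a41ea7-17b2-4852-bfd7-54211c477dc0) | Malpedia | 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | 4
"""

# Assumed cell layout on this page: "<name>[ - <ATT&CK id>] (<uuid>)".
CELL = re.compile(
    r"^(?P<name>.*?)(?: - (?P<ext>[A-Z]\d{4}(?:\.\d{3})?))?"
    r" \((?P<uuid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\)$"
)


def parse_cell(cell):
    m = CELL.match(cell.strip())
    if not m:
        raise ValueError(f"unparseable cluster cell: {cell!r}")
    return m.groupdict()  # keys: name, ext (None when absent), uuid


def build_graph(rows_text):
    """Return (nodes, adj): nodes keyed by uuid, adj an undirected adjacency map."""
    nodes, adj = {}, defaultdict(set)
    for line in rows_text.strip().splitlines():
        a, ga, b, gb, _level = [c.strip() for c in line.split("|")]
        a, b = parse_cell(a), parse_cell(b)
        nodes.setdefault(a["uuid"], {**a, "galaxy": ga})
        nodes.setdefault(b["uuid"], {**b, "galaxy": gb})
        # The table lists the two ends in no fixed order, so store the edge
        # undirected; Level is an expansion round, not an edge direction.
        adj[a["uuid"]].add(b["uuid"])
        adj[b["uuid"]].add(a["uuid"])
    return nodes, adj


def hop_distance(adj, root):
    """Breadth-first hop count from root to every reachable node."""
    dist, queue = {root: 0}, deque([root])
    while queue:
        cur = queue.popleft()
        for nxt in adj[cur]:
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist


def technique_coverage(rows_text):
    """Map each ATT&CK technique id to the actor/malware names it is tied to
    and roll sub-techniques up to their parent technique by id prefix."""
    nodes, adj = build_graph(rows_text)
    via, parents = defaultdict(set), defaultdict(set)
    for uuid, node in nodes.items():
        ext = node["ext"]
        if not ext or not ext.startswith("T"):
            continue  # skip intrusion sets, malware and Malpedia entries
        for n in adj[uuid]:
            # Only non-technique neighbours say who uses the technique.
            if nodes[n]["galaxy"] != "Attack Pattern":
                via[ext].add(nodes[n]["name"])
        if "." in ext:
            parents[ext.split(".")[0]].add(ext)
    return {"via": dict(via), "parents": dict(parents)}


def malware_of(rows_text, actor_name="Sowbug"):
    """Malware clusters adjacent to the named intrusion set."""
    nodes, adj = build_graph(rows_text)
    out = set()
    for uuid, node in nodes.items():
        if node["galaxy"] == "Intrusion Set" and node["name"] == actor_name:
            out |= {nodes[n]["name"] for n in adj[uuid]
                    if nodes[n]["galaxy"] == "Malware"}
    return out


if __name__ == "__main__":
    cov = technique_coverage(ROWS)
    for tid, users in sorted(cov["via"].items()):
        print(tid, "<-", ", ".join(sorted(users)))
    print("sub-technique roll-up:", cov["parents"])
    print("malware linked to Sowbug:", sorted(malware_of(ROWS)))
```

Parent techniques that appear only through a technique-to-technique row (T1059, T1071 in the subset) come back with no "via" entry, which is deliberate: the page ties them to Sowbug only through a sub-technique, and the roll-up dictionary is where that link is recorded.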