Moonstone Sleet
Associated Group Descriptions

Name | Description
---|---
Storm-1789 | (Citation: Microsoft Moonstone Sleet 2024)
Techniques Used

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1583.001 | Acquire Infrastructure: Domains | Moonstone Sleet registered domains to develop effective personas for fake companies used in phishing activity. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1583.003 | Acquire Infrastructure: Virtual Private Server | Moonstone Sleet registered virtual private servers to host payloads for download. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | Moonstone Sleet used curl to connect to adversary-controlled infrastructure and retrieve additional payloads. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1547.001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | Moonstone Sleet used registry run keys for process execution during initial victim infection. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1587.001 | Develop Capabilities: Malware | Moonstone Sleet has developed custom malware, including a malware delivery mechanism masquerading as a legitimate game. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1585.001 | Establish Accounts: Social Media Accounts | Moonstone Sleet has created social media accounts to interact with victims. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1585.002 | Establish Accounts: Email Accounts | Moonstone Sleet has created email accounts to interact with victims, including for phishing purposes. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1589.002 | Gather Victim Identity Information: Email Addresses | Moonstone Sleet gathered victim email address information for follow-on phishing activity. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1003.001 | OS Credential Dumping: LSASS Memory | Moonstone Sleet retrieved credentials from LSASS memory. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1027.009 | Obfuscated Files or Information: Embedded Payloads | Moonstone Sleet embedded payloads in trojanized software for follow-on execution. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File | Moonstone Sleet has used encrypted payloads within files for follow-on execution and defense evasion. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1566.001 | Phishing: Spearphishing Attachment | Moonstone Sleet delivered various payloads to victims as spearphishing attachments. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1566.003 | Phishing: Spearphishing via Service | Moonstone Sleet has used social media services to spearphish victims and deliver trojanized software. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1598.003 | Phishing for Information: Spearphishing Link | Moonstone Sleet used spearphishing messages containing items such as tracking pixels to determine whether users interacted with malicious messages. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1053.005 | Scheduled Task/Job: Scheduled Task | Moonstone Sleet used scheduled tasks for program execution during initial access to victim machines. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1608.001 | Stage Capabilities: Upload Malware | Moonstone Sleet staged malicious capabilities online for follow-on download by victims or malware. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1195.002 | Supply Chain Compromise: Compromise Software Supply Chain | Moonstone Sleet has distributed a trojanized version of PuTTY software for initial access to victims. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1569.002 | System Services: Service Execution | Moonstone Sleet used intermediate loader malware such as YouieLoader and SplitLoader that create malicious services. (Citation: Microsoft Moonstone Sleet 2024)
Enterprise | T1204.002 | User Execution: Malicious File | Moonstone Sleet relied on users interacting with malicious files, such as a trojanized PuTTY installer, for initial execution. (Citation: Microsoft Moonstone Sleet 2024)