Description
[Attor](https://attack.mitre.org/software/S0438) is a Windows-based espionage platform that has been seen in use since 2013. [Attor](https://attack.mitre.org/software/S0438) has a loadable plugin architecture to customize functionality for specific targets.(Citation: ESET Attor Oct 2019)
External References
Techniques Used by This Malware
- T1010 — Application Window Discovery
- T1012 — Query Registry
- T1020 — Automated Exfiltration
- T1027.013 — Encrypted/Encoded File
- T1036.004 — Masquerade Task or Service
- T1037.001 — Logon Script (Windows)
- T1041 — Exfiltration Over C2 Channel
- T1053.005 — Scheduled Task
- T1055 — Process Injection
- T1055.004 — Asynchronous Procedure Call
- T1056.001 — Keylogging
- T1070.004 — File Deletion
- T1070.006 — Timestomp
- T1071.002 — File Transfer Protocols
- T1074.001 — Local Data Staging
- T1082 — System Information Discovery
- T1083 — File and Directory Discovery
- T1090.003 — Multi-hop Proxy
- T1105 — Ingress Tool Transfer
- T1106 — Native API
- T1112 — Modify Registry
- T1113 — Screen Capture
- T1115 — Clipboard Data
- T1119 — Automated Collection
- T1120 — Peripheral Device Discovery
- T1123 — Audio Capture
- T1129 — Shared Modules
- T1218.011 — Rundll32
- T1497.001 — System Checks
- T1543.003 — Windows Service
- T1560.003 — Archive via Custom Method
- T1564.001 — Hidden Files and Directories
- T1569.002 — Service Execution
- T1573.001 — Symmetric Cryptography
- T1573.002 — Asymmetric Cryptography