Malware: BADFLICK

Description

[BADFLICK](https://attack.mitre.org/software/S0642) is a backdoor used by [Leviathan](https://attack.mitre.org/groups/G0065) in spearphishing campaigns first reported in 2018 that targeted the U.S. engineering and maritime industries.(Citation: FireEye Periscope March 2018)(Citation: Accenture MUDCARP March 2019)

External References

• mitre-attack
• FireEye Periscope March 2018
• Accenture MUDCARP March 2019

Techniques Used by This Malware

• T1005 — Data from Local System
• T1016 — System Network Configuration Discovery
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1105 — Ingress Tool Transfer
• T1140 — Deobfuscate/Decode Files or Information
• T1204.002 — Malicious File
• T1497.003 — Time Based Evasion
• T1560.002 — Archive via Library
• T1566.001 — Spearphishing Attachment

APT Groups Using This Malware

• Leviathan