Description
[Clambling](https://attack.mitre.org/software/S0660) is a modular backdoor written in C++ that has been used by [Threat Group-3390](https://attack.mitre.org/groups/G0027) since at least 2017.(Citation: Trend Micro DRBControl February 2020)
External References
Techniques Used by This Malware
- T1005 — Data from Local System
- T1012 — Query Registry
- T1016 — System Network Configuration Discovery
- T1027 — Obfuscated Files or Information
- T1033 — System Owner/User Discovery
- T1055 — Process Injection
- T1055.012 — Process Hollowing
- T1056.001 — Keylogging
- T1057 — Process Discovery
- T1059.001 — PowerShell
- T1059.003 — Windows Command Shell
- T1071 — Application Layer Protocol
- T1071.001 — Web Protocols
- T1082 — System Information Discovery
- T1083 — File and Directory Discovery
- T1095 — Non-Application Layer Protocol
- T1102.002 — Bidirectional Communication
- T1112 — Modify Registry
- T1113 — Screen Capture
- T1115 — Clipboard Data
- T1124 — System Time Discovery
- T1125 — Video Capture
- T1135 — Network Share Discovery
- T1140 — Deobfuscate/Decode Files or Information
- T1204.002 — Malicious File
- T1497.003 — Time Based Evasion
- T1543.003 — Windows Service
- T1547.001 — Registry Run Keys / Startup Folder
- T1548.002 — Bypass User Account Control
- T1564.001 — Hidden Files and Directories
- T1566.001 — Spearphishing Attachment
- T1567.002 — Exfiltration to Cloud Storage
- T1569.002 — Service Execution
- T1574.001 — DLL