Malware: Flagpro

Description

[Flagpro](https://attack.mitre.org/software/S0696) is a Windows-based, first-stage downloader that has been used by [BlackTech](https://attack.mitre.org/groups/G0098) since at least October 2020. It has primarily been used against defense, media, and communications companies in Japan.(Citation: NTT Security Flagpro new December 2021)

External References

• mitre-attack
• NTT Security Flagpro new December 2021

Techniques Used by This Malware

• T1005 — Data from Local System
• T1010 — Application Window Discovery
• T1016 — System Network Configuration Discovery
• T1018 — Remote System Discovery
• T1027 — Obfuscated Files or Information
• T1029 — Scheduled Transfer
• T1033 — System Owner/User Discovery
• T1036 — Masquerading
• T1041 — Exfiltration Over C2 Channel
• T1049 — System Network Connections Discovery
• T1057 — Process Discovery
• T1059.003 — Windows Command Shell
• T1059.005 — Visual Basic
• T1069.001 — Local Groups
• T1070 — Indicator Removal
• T1071.001 — Web Protocols
• T1105 — Ingress Tool Transfer
• T1106 — Native API
• T1132.001 — Standard Encoding
• T1135 — Network Share Discovery
• T1204.002 — Malicious File
• T1547.001 — Registry Run Keys / Startup Folder
• T1566.001 — Spearphishing Attachment
• T1614.001 — System Language Discovery

APT Groups Using This Malware

• BlackTech