Malware: KOPILUWAK

Description

[KOPILUWAK](https://attack.mitre.org/software/S1075) is a JavaScript-based reconnaissance tool that has been used for victim profiling and C2 since at least 2017.(Citation: Mandiant Suspected Turla Campaign February 2023)

External References

• mitre-attack
• Mandiant Suspected Turla Campaign February 2023

Techniques Used by This Malware

• T1005 — Data from Local System
• T1016 — System Network Configuration Discovery
• T1033 — System Owner/User Discovery
• T1041 — Exfiltration Over C2 Channel
• T1049 — System Network Connections Discovery
• T1057 — Process Discovery
• T1059.007 — JavaScript
• T1071.001 — Web Protocols
• T1074.001 — Local Data Staging
• T1082 — System Information Discovery
• T1135 — Network Share Discovery
• T1204.002 — Malicious File
• T1566.001 — Spearphishing Attachment

APT Groups Using This Malware

• Turla