Description
[Mafalda](https://attack.mitre.org/software/S1060) is a flexible interactive implant that has been used by [Metador](https://attack.mitre.org/groups/G1013). Security researchers assess the [Mafalda](https://attack.mitre.org/software/S1060) name may be inspired by an Argentinian cartoon character that has been popular as a means of political commentary since the 1960s. (Citation: SentinelLabs Metador Sept 2022)
External References
Techniques Used by This Malware
- T1003.001 — LSASS Memory
- T1005 — Data from Local System
- T1012 — Query Registry
- T1016 — System Network Configuration Discovery
- T1027.013 — Encrypted/Encoded File
- T1033 — System Owner/User Discovery
- T1041 — Exfiltration Over C2 Channel
- T1049 — System Network Connections Discovery
- T1056 — Input Capture
- T1057 — Process Discovery
- T1059.001 — PowerShell
- T1059.003 — Windows Command Shell
- T1070.001 — Clear Windows Event Logs
- T1071.001 — Web Protocols
- T1074.001 — Local Data Staging
- T1082 — System Information Discovery
- T1083 — File and Directory Discovery
- T1090.001 — Internal Proxy
- T1095 — Non-Application Layer Protocol
- T1105 — Ingress Tool Transfer
- T1106 — Native API
- T1112 — Modify Registry
- T1113 — Screen Capture
- T1132.001 — Standard Encoding
- T1133 — External Remote Services
- T1134 — Access Token Manipulation
- T1134.003 — Make and Impersonate Token
- T1140 — Deobfuscate/Decode Files or Information
- T1205.001 — Port Knocking
- T1217 — Browser Information Discovery
- T1518.001 — Security Software Discovery
- T1552.004 — Private Keys
- T1569.002 — Service Execution
- T1573.001 — Symmetric Cryptography
- T1622 — Debugger Evasion