Malware: MoonWind

Description

[MoonWind](https://attack.mitre.org/software/S0149) is a remote access tool (RAT) that was used in 2016 to target organizations in Thailand. (Citation: Palo Alto MoonWind March 2017)

External References

• mitre-attack
• Palo Alto MoonWind March 2017

Techniques Used by This Malware

• T1016 — System Network Configuration Discovery
• T1033 — System Owner/User Discovery
• T1056.001 — Keylogging
• T1057 — Process Discovery
• T1059.003 — Windows Command Shell
• T1070.004 — File Deletion
• T1074.001 — Local Data Staging
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1095 — Non-Application Layer Protocol
• T1120 — Peripheral Device Discovery
• T1124 — System Time Discovery
• T1543.003 — Windows Service
• T1571 — Non-Standard Port
• T1573.001 — Symmetric Cryptography