Malware: Pandora

Description

[Pandora](https://attack.mitre.org/software/S0664) is a multistage kernel rootkit with backdoor functionality that has been in use by [Threat Group-3390](https://attack.mitre.org/groups/G0027) since at least 2020.(Citation: Trend Micro Iron Tiger April 2021)

External References

• mitre-attack
• Trend Micro Iron Tiger April 2021

Techniques Used by This Malware

• T1027.015 — Compression
• T1055 — Process Injection
• T1057 — Process Discovery
• T1068 — Exploitation for Privilege Escalation
• T1071.001 — Web Protocols
• T1105 — Ingress Tool Transfer
• T1112 — Modify Registry
• T1205 — Traffic Signaling
• T1543.003 — Windows Service
• T1553.006 — Code Signing Policy Modification
• T1569.002 — Service Execution
• T1573.001 — Symmetric Cryptography
• T1574.001 — DLL

APT Groups Using This Malware

• Cinnamon Tempest
• Threat Group-3390