Malware: T9000

Description

[T9000](https://attack.mitre.org/software/S0098) is a backdoor that is a newer variant of the T5000 malware family, also known as Plat1. Its primary function is to gather information about the victim. It has been used in multiple targeted attacks against U.S.-based organizations. (Citation: FireEye admin@338 March 2014) (Citation: Palo Alto T9000 Feb 2016)

External References

• mitre-attack
• FireEye admin@338 March 2014
• Palo Alto T9000 Feb 2016

Techniques Used by This Malware

• T1016 — System Network Configuration Discovery
• T1033 — System Owner/User Discovery
• T1082 — System Information Discovery
• T1113 — Screen Capture
• T1119 — Automated Collection
• T1120 — Peripheral Device Discovery
• T1123 — Audio Capture
• T1124 — System Time Discovery
• T1125 — Video Capture
• T1518.001 — Security Software Discovery
• T1546.010 — AppInit DLLs
• T1560.003 — Archive via Custom Method
• T1574.001 — DLL