Malware: TAINTEDSCRIBE

Description

[TAINTEDSCRIBE](https://attack.mitre.org/software/S0586) is a fully-featured beaconing implant integrated with command modules used by [Lazarus Group](https://attack.mitre.org/groups/G0032). It was first reported in May 2020.(Citation: CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY 2020)

External References

• mitre-attack
• CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY 2020

Techniques Used by This Malware

• T1001.003 — Protocol or Service Impersonation
• T1008 — Fallback Channels
• T1018 — Remote System Discovery
• T1027.001 — Binary Padding
• T1036.005 — Match Legitimate Resource Name or Location
• T1057 — Process Discovery
• T1059.003 — Windows Command Shell
• T1070.004 — File Deletion
• T1070.006 — Timestomp
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1105 — Ingress Tool Transfer
• T1124 — System Time Discovery
• T1547.001 — Registry Run Keys / Startup Folder
• T1560 — Archive Collected Data
• T1573.001 — Symmetric Cryptography

APT Groups Using This Malware

• Lazarus Group