Blue Mockingbird

Techniques (MITRE ATT&CK)22

SourceMITRE ATT&CK

Vexday analysis

Blue Mockingbird é um cluster de atividade maliciosa voltado à execução de cargas de mineração de criptomoeda Monero na forma de bibliotecas de vínculo dinâmico (DLL) em sistemas Windows, com as primeiras ferramentas observadas criadas em dezembro de 2019. O grupo é rastreado pelo MITRE ATT&CK sob o identificador G0108, com 22 técnicas documentadas e 3 CVEs atribuídas à sua atuação.

Techniques (MITRE ATT&CK) 22

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Tool

Initial access

Exploit Public-Facing Application

Execution

Windows Management Instrumentation Scheduled Task PowerShell Windows Command Shell Service Execution

Persistence

Windows Service

Privilege escalation

Windows Management Instrumentation Event Subscription

Credential access

LSASS Memory

Discovery

System Information Discovery

Lateral movement

Remote Desktop Protocol SMB/Windows Admin Shares

Command and control

Proxy

Impact

Compute Hijacking

defense-impairment

Modify Registry

stealth

Encrypted/Encoded File Match Legitimate Resource Name or Location Access Token Manipulation Regsvr32 Rundll32 COR_PROFILER

Exploited vulnerabilities 3

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2014-7169CRITICALEPSS 100%KEV CVE-2019-18935CRITICALEPSS 100%KEV CVE-2016-6662EPSS 68%

Blue Mockingbird uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →