Created by: TropChaud

Date created: 2022-12-16

Last edited: 2023-01-24

Description: Heatmap of instances of ATT&CK techniques for RecordBreaker Stealer based on recent public CTI reporting (sources in notes for each technique).

Techniques (14)

  • Application Layer Protocol

    ID: T1071

    Tactics: Command and Control

    Description: https://blog.cyble.com/2022/11/08/massive-youtube-campaign-targeting-over-100-applications-to-deliver-info-stealer/

  • Credentials from Web Browsers

    ID: T1555.003

    Tactics: Credential Access

    Description: https://cloudsek.com/recordbreaker-the-resurgence-of-raccoon/

  • Deobfuscate/Decode Files or Information

    ID: T1140

    Tactics: Defense Evasion

    Description: https://blog.cyble.com/2022/11/08/massive-youtube-campaign-targeting-over-100-applications-to-deliver-info-stealer/

  • Exfiltration Over C2 Channel

    ID: T1041

    Tactics: Exfiltration

    Description: https://blog.cyble.com/2022/11/08/massive-youtube-campaign-targeting-over-100-applications-to-deliver-info-stealer/

  • Process Hollowing

    ID: T1055.012

    Tactics: Privilege Escalation, Defense Evasion

    Description: https://blog.cyble.com/2022/11/08/massive-youtube-campaign-targeting-over-100-applications-to-deliver-info-stealer/

  • Screen Capture

    ID: T1113

    Tactics: Collection

    Description: https://blog.cyble.com/2022/11/08/massive-youtube-campaign-targeting-over-100-applications-to-deliver-info-stealer/

  • Software Discovery

    ID: T1518

    Tactics: Discovery

    Description: https://blog.cyble.com/2022/11/08/massive-youtube-campaign-targeting-over-100-applications-to-deliver-info-stealer/

  • Steal Application Access Token

    ID: T1528

    Tactics: Credential Access

    Description: https://blog.cyble.com/2022/11/08/massive-youtube-campaign-targeting-over-100-applications-to-deliver-info-stealer/

  • Steal Web Session Cookie

    ID: T1539

    Tactics: Credential Access

    Description: https://blog.cyble.com/2022/11/08/massive-youtube-campaign-targeting-over-100-applications-to-deliver-info-stealer/

  • System Service Discovery

    ID: T1007

    Tactics: Discovery

    Description: https://blog.cyble.com/2022/11/08/massive-youtube-campaign-targeting-over-100-applications-to-deliver-info-stealer/

  • System Time Discovery

    ID: T1124

    Tactics: Discovery

    Description: https://blog.cyble.com/2022/11/08/massive-youtube-campaign-targeting-over-100-applications-to-deliver-info-stealer/

  • Unsecured Credentials

    ID: T1552

    Tactics: Credential Access

    Description: https://blog.cyble.com/2022/11/08/massive-youtube-campaign-targeting-over-100-applications-to-deliver-info-stealer/

  • User Execution

    ID: T1204

    Tactics: Execution

    Description: https://blog.cyble.com/2022/11/08/massive-youtube-campaign-targeting-over-100-applications-to-deliver-info-stealer/

  • Virtualization/Sandbox Evasion

    ID: T1497

    Tactics: Defense Evasion, Discovery

    Description: https://blog.cyble.com/2022/11/08/massive-youtube-campaign-targeting-over-100-applications-to-deliver-info-stealer/

infostealers-logo
favicon__1_ removebg-png

BE THE FIRST TO KNOW

Stay informed with the latest insights in our Infostealers weekly report.

Receive immediate notification if your email is involved in an infostealer infection.

No Spam, We Promise

favicon__1_ removebg-png

BE THE FIRST TO KNOW

Stay informed with the latest insights in our Infostealers weekly report.

Receive immediate notification if your email is involved in an infostealer infection.

No Spam, We Promise