CavalierGPT: The First Comprehensive Infostealers AI Bot - Read More →

Created by: sharat87

Date created: 2022-12-29

Last edited: 2023-01-24

Description: Heatmap of instances of ATT&CK techniques referenced in recent, public CTI reporting around Prynt Infostealer (source links included in Notes per technique below).

Techniques (24)

  • Account Discovery

    ID: T1087

    Tactics: Discovery

    Description: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

  • Application Layer Protocol

    ID: T1071

    Tactics: Command and Control

    Description: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

  • Command and Scripting Interpreter

    ID: T1059

    Tactics: Execution

    Description: https://www.cyfirma.com/outofband/infostealer-prynt-malware-a-deep-dive-into-its-process-injection-technique/

  • Credentials from Web Browsers

    ID: T1555.003

    Tactics: Credential Access

    Description: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

  • Exfiltration Over C2 Channel

    ID: T1041

    Tactics: Exfiltration

    Description: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

  • Exfiltration Over Web Service

    ID: T1567

    Tactics: Exfiltration

    Description: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

  • Masquerading

    ID: T1036

    Tactics: Defense Evasion

    Description: https://www.cyfirma.com/outofband/infostealer-prynt-malware-a-deep-dive-into-its-process-injection-technique/

  • Modify Registry

    ID: T1112

    Tactics: Defense Evasion

    Description: https://www.cyfirma.com/outofband/infostealer-prynt-malware-a-deep-dive-into-its-process-injection-technique/

  • Native API

    ID: T1106

    Tactics: Execution

    Description: https://www.cyfirma.com/outofband/infostealer-prynt-malware-a-deep-dive-into-its-process-injection-technique/

  • Process Discovery

    ID: T1057

    Tactics: Discovery

    Description: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

  • Process Injection

    ID: T1055

    Tactics: Privilege Escalation, Defense Evasion

    Description: https://www.cyfirma.com/outofband/infostealer-prynt-malware-a-deep-dive-into-its-process-injection-technique/

  • Query Registry

    ID: T1012

    Tactics: Discovery

    Description: https://www.cyfirma.com/outofband/infostealer-prynt-malware-a-deep-dive-into-its-process-injection-technique/

  • Screen Capture

    ID: T1113

    Tactics: Collection

    Description: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

  • Software Discovery

    ID: T1518

    Tactics: Discovery

    Description: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

  • Steal Application Access Token

    ID: T1528

    Tactics: Credential Access

    Description: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

  • Steal Web Session Cookie

    ID: T1539

    Tactics: Credential Access

    Description: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

  • System Checks

    ID: T1497.001

    Tactics: Defense Evasion, Discovery

    Description: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

  • System Information Discovery

    ID: T1082

    Tactics: Discovery

    Description: https://www.cyfirma.com/outofband/infostealer-prynt-malware-a-deep-dive-into-its-process-injection-technique/

  • System Location Discovery

    ID: T1614

    Tactics: Discovery

    Description: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

  • System Service Discovery

    ID: T1007

    Tactics: Discovery

    Description: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

  • System Time Discovery

    ID: T1124

    Tactics: Discovery

    Description: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

  • Unsecured Credentials

    ID: T1552

    Tactics: Credential Access

    Description: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

  • User Execution

    ID: T1204

    Tactics: Execution

    Description: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

  • Web Service

    ID: T1102

    Tactics: Command and Control

    Description: https://www.cyfirma.com/outofband/infostealer-prynt-malware-a-deep-dive-into-its-process-injection-technique/

infostealers-logo

BE THE FIRST TO KNOW

Get FREE access to Cavalier GPT

Stay informed with the latest insights in our Infostealers weekly report.

Receive a notification if your email is involved in an Infostealer infection.

No Spam, We Promise

BE THE FIRST TO KNOW

Get FREE access to Cavalier GPT

Stay informed with the latest insights in our Infostealers weekly report.

Receive a notification if your email is involved in an Infostealer infection.

No Spam, We Promise