
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)

Trojan.Karagany is a modular remote access tool used for reconnaissance and linked to the Dragonfly group. The source code for Trojan.Karagany originated from the Dream Loader malware, which was leaked in 2010 and sold on underground forums. (Citation: Symantec Dragonfly)(Citation: Secureworks Karagany July 2019)(Citation: Dragos DYMALLOY)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) | Malware | 1 |
| Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) | Attack Pattern | Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) | Attack Pattern | 2 |
| Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | 2 |
| Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) | Attack Pattern | Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | 2 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | 2 |
| Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) | Attack Pattern | Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) | Attack Pattern | 2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 2 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | 2 |
| System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) | Attack Pattern | Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) | Attack Pattern | 2 |
| Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | 2 |
| Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6) | Attack Pattern | Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | 2 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 2 |
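The relationship rows above are a flat export: Level 1 rows link the malware cluster to each ATT&CK technique it uses, and Level 2 rows link those techniques to their parent or sub-technique, with the parent appearing in either column depending on the row. The Python below is an example added here, not code from the MISP galaxy project or from MITRE: it parses rows in exactly that shape into a technique map, checks that each Level 2 pairing is internally consistent (the sub-technique ID must extend the parent ID), and emits an ATT&CK Navigator layer for the result. The sample rows are a constructed subset copied from this page's table; the Navigator field names and layer version string are assumptions based on Navigator's v4 layer format, not something this page states.

```python
"""Parse MISP-galaxy relationship rows into an ATT&CK technique map and a Navigator layer."""
import json
import re

# Constructed sample: a subset of the rows from this page, chosen to cover every
# row shape (Level 1 malware->technique, Level 2 parent<->sub-technique in both orders).
SAMPLE_ROWS = """\
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 1
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 1
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 1
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
"""

# One cluster cell: "<name> - <ID> (<uuid>) <galaxy>"; the ID is Txxxx, Txxxx.yyy or Sxxxx.
CLUSTER = (r"(?P<{p}name>.+?) - (?P<{p}id>[A-Z]\d{{4}}(?:\.\d{{3}})?) "
           r"\((?P<{p}uuid>[0-9a-f-]{{36}})\) (?P<{p}galaxy>Attack Pattern|Malware)")
ROW_RE = re.compile(r"^" + CLUSTER.format(p="a_") + " " + CLUSTER.format(p="b_") + r" (?P<level>\d+)$")


def parse_rows(text):
    """Parse each non-empty line into a dict of named fields; reject rows that do not fit the shape."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        row = m.groupdict()
        row["level"] = int(row["level"])
        rows.append(row)
    return rows


def build_mapping(rows):
    """Return (techniques, parents).

    techniques: technique ID -> name for every Attack Pattern linked to the malware (Level 1).
    parents:    sub-technique ID -> parent ID taken from Level 2 rows, whichever column holds the parent.
    """
    techniques, parents = {}, {}
    for r in rows:
        a = (r["a_id"], r["a_name"], r["a_galaxy"])
        b = (r["b_id"], r["b_name"], r["b_galaxy"])
        if r["level"] == 1:
            for cid, name, galaxy in (a, b):
                if galaxy == "Attack Pattern":
                    techniques[cid] = name
        elif r["level"] == 2:
            # The sub-technique is the side whose ID carries a ".nnn" suffix.
            sub, parent = (a, b) if "." in a[0] else (b, a)
            if not sub[0].startswith(parent[0] + "."):
                raise ValueError(f"sub-technique {sub[0]} does not belong to {parent[0]}")
            parents[sub[0]] = parent[0]
    return techniques, parents


def navigator_layer(name, techniques, parents):
    """Build an ATT&CK Navigator layer dict (assumed v4 layer field names, not from this page)."""
    entries = [{"techniqueID": tid, "score": 1, "comment": techniques[tid]} for tid in sorted(techniques)]
    # Parents that are only implied by a sub-technique are added unscored but expanded,
    # so the observed sub-techniques are visible in the matrix.
    for parent in sorted(set(parents.values()) - set(techniques)):
        entries.append({"techniqueID": parent, "showSubtechniques": True})
    return {"name": name, "domain": "enterprise-attack", "versions": {"layer": "4.5"}, "techniques": entries}


if __name__ == "__main__":
    techniques, parents = build_mapping(parse_rows(SAMPLE_ROWS))
    print(json.dumps(navigator_layer("Trojan.Karagany (S0094)", techniques, parents), indent=2))
```

Feeding the full table into `parse_rows` instead of the sample yields the complete S0094 layer; the consistency check in `build_mapping` is what catches an export where a Level 2 row pairs a sub-technique with the wrong parent, which is the error most likely to survive a copy-paste of rows like these.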