Orz

MITRE

Tipo Malware:
Other

Prima attivita:
Unknown

Ultima attivita:
Unknown

Dettagli:

[Orz](https://attack.mitre.org/software/S0229) is a custom JavaScript backdoor used by [Leviathan](https://attack.mitre.org/groups/G0065). It was observed being used in 2014 as well as in August 2017 when it was dropped by Microsoft Publisher files. (Citation: Proofpoint Leviathan Oct 2017) (Citation: FireEye Periscope March 2018)

Tecniche Associate (13)

ID	ATT&CK	Tattiche
T1016	System Network Configuration Discovery	-
T1027	Obfuscated Files or Information	-
T1055.012	Process Hollowing	-
T1057	Process Discovery	-
T1059.003	Windows Command Shell	-
T1070	Indicator Removal	-
T1082	System Information Discovery	-
T1083	File and Directory Discovery	-
T1102.002	Bidirectional Communication	-
T1105	Ingress Tool Transfer	-
T1112	Modify Registry	-
T1218.010	Regsvr32	-
T1518	Software Discovery	-

Alias (104)

AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK AIRBREAK

Usato da Attori (1)

Leviathan
Unknown

Metadata

ID:	24
Created:	13/01/2026 17:48
Updated:	06/03/2026 04:00