SUGARUSH

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[SUGARUSH](https://attack.mitre.org/software/S1049) is a small custom backdoor that can establish a reverse shell over TCP to a hard coded C2 address. [SUGARUSH](https://attack.mitre.org/software/S1049) was first identified during analysis of UNC3890's [C0010](https://attack.mitre.org/campaigns/C0010) campaign targeting Israeli companies, which began in late 2020.(Citation: Mandiant UNC3890 Aug 2022)

Associated Techniques (6)

ID	ATT&CK	Tactics
T1016.001	Internet Connection Discovery	-
T1059.003	Windows Command Shell	-
T1095	Non-Application Layer Protocol	-
T1543.003	Windows Service	-
T1571	Non-Standard Port	-
T1680	Local Storage Discovery	-

Metadata

ID:	176
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00