URL: https://attack.mitre.org/software/S0682/

TrailBlazer, Software S0682 | MITRE ATT&CK®



TrailBlazer

TrailBlazer is a modular malware that has been used by APT29 since at least 2019.[1]

ID: S0682
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 08 February 2022
Last Modified: 16 April 2025

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | TrailBlazer has used HTTP requests for C2.[1] |
| Enterprise | T1001 | Data Obfuscation | TrailBlazer can masquerade its C2 traffic as legitimate Google Notifications HTTP requests.[1] |
| Enterprise | T1001.001 | Data Obfuscation: Junk Data | TrailBlazer has used random identifier strings to obscure its C2 operations and result codes.[1] |
| Enterprise | T1546.003 | Event Triggered Execution: Windows Management Instrumentation Event Subscription | TrailBlazer has the ability to use WMI for persistence.[1] |
| Enterprise | T1036 | Masquerading | TrailBlazer has used filenames that match the name of the compromised system in an attempt to avoid detection.[1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0016 | APT29 | [1][2][3][4] |

Campaigns

| ID | Name | Description |
|---|---|---|
| C0024 | SolarWinds Compromise | [1] |

References
