…IcedID IcedID has established persistence by creating a Registry run key. [107] G0100 Inception Inception has maintained persistence by modifying Registry run key value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\. [108] S0259 InnaputRAT Some InnaputRAT varia…
…ions. [130] S0483 IcedID IcedID has used HTTPS in communications with C2. [131] G0100 Inception Inception has used HTTP, HTTPS, and WebDav in network communications. [132] [133] S0604 Industroyer Industroyer's main backdoor connected to a remote C2 server using HTTPS. [134] S026…
…IcedID IcedID has established persistence by creating a Registry run key. [128] G0100 Inception Inception has maintained persistence by modifying Registry run key value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\. [129] S0259 InnaputRAT Some InnaputRAT variant…
…IcedID IcedID has established persistence by creating a Registry run key. [134] G0100 Inception Inception has maintained persistence by modifying Registry run key value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\. [135] S0259 InnaputRAT Some InnaputRAT varia…
… it is located in the %TEMP% directory, otherwise it copies itself there. [114] G0100 Inception Inception used a file listing plugin to collect information about files and directories on both local and remote drives. [115] S0604 Industroyer Industroyer's data wiper component enum…
…S0483 IcedID IcedID has used HTTPS in communications with C2. [180] [181] [182] G0100 Inception Inception has used HTTP, HTTPS, and WebDav in network communications. [183] [184] S0604 Industroyer Industroyer's main backdoor connected to a remote C2 server using HTTPS. [185] S026…
…e command line arguments to encrypt specific files and directories. [160] [161] G0100 Inception Inception used a file listing plugin to collect information about files and directories on both local and remote drives. [162] S0604 Industroyer Industroyer's data wiper component enum…
…ility to identify the computer name and OS version on a compromised host. [134] G0100 Inception Inception has used a reconnaissance module to gather information about the operating system and hardware on the infected host. [135] S0604 Industroyer Industroyer collects the victim m…
…gateways; the debugger also encrypts information before sending to the C2. [14] G0100 Inception Inception has encrypted malware payloads dropped on victim machines with AES and RC4 encryption. [156] S0604 Industroyer Industroyer uses heavily obfuscated code in its Windows Notepad…
…3 IcedID IcedID has utilized encrypted binaries and base64 encoded strings. [99] G0100 Inception Inception has encrypted malware payloads dropped on victim machines with AES and RC4 encryption. [100] S1132 IPsec Helper IPsec Helper contains an embedded XML configuration file with …
…ware INC Ransomware can discover and mount hidden drives to encrypt them. [190] G0100 Inception Inception has used a reconnaissance module to gather information about the operating system and hardware on the infected host. [191] S0604 Industroyer Industroyer collects the victim m…
…rs Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018. Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Carbon Black Thre…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Prizmant, D. (2021, June 7). Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments. Retrieved June 9, 2021. Tudorica, R. et al…
…itor has a PasswordRecoveryPacket module for recovering browser passwords. [34] G0100 Inception Inception used a browser plugin to steal passwords and sessions from Internet Explorer, Chrome, Opera, Firefox, Torch, and Yandex. [35] S0528 Javali Javali can capture login credential…