Hikit
Techniques Used |
||||
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols |
Hikit has used HTTP for C2.(Citation: FireEye HIKIT Rootkit Part 2) |
| Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
Hikit has the ability to create a remote shell and run given commands.(Citation: FireEye HIKIT Rootkit Part 2) |
| Enterprise | T1573 | .001 | Encrypted Channel: Symmetric Cryptography |
Hikit performs XOR encryption.(Citation: Novetta-Axiom) |
| Enterprise | T1574 | .001 | Hijack Execution Flow: DLL Search Order Hijacking |
Hikit has used DLL Search Order Hijacking to load |
| Enterprise | T1090 | .001 | Proxy: Internal Proxy |
Hikit supports peer connections.(Citation: Novetta-Axiom) |
| Enterprise | T1553 | .004 | Subvert Trust Controls: Install Root Certificate |
Hikit uses |
| .006 | Subvert Trust Controls: Code Signing Policy Modification |
Hikit has attempted to disable driver signing verification by tampering with several Registry keys prior to the loading of a rootkit driver component.(Citation: FireEye HIKIT Rootkit Part 2) |
||
Groups That Use This Software |
||
| ID | Name | References |
|---|---|---|
| G0001 | Axiom |
(Citation: Novetta-Axiom) (Citation: Cisco Group 72) |
References
- Novetta. (n.d.). Operation SMN: Axiom Threat Actor Group Report. Retrieved November 12, 2014.
- Glyer, C., Kazanciyan, R. (2012, August 20). The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 1). Retrieved June 6, 2016.
- Esler, J., Lee, M., and Williams, C. (2014, October 14). Threat Spotlight: Group 72. Retrieved January 14, 2016.
- Glyer, C., Kazanciyan, R. (2012, August 22). The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 2). Retrieved May 4, 2020.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.