Flame
Associated Software Descriptions |
|
| Name | Description |
|---|---|
| sKyWIper | (Citation: Kaspersky Flame) (Citation: Crysys Skywiper) |
| Flamer | (Citation: Kaspersky Flame) (Citation: Symantec Beetlejuice) |
Techniques Used |
||||
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1547 | .002 | Boot or Logon Autostart Execution: Authentication Package |
Flame can use Windows Authentication Packages for persistence.(Citation: Crysys Skywiper) |
| Enterprise | T1136 | .001 | Create Account: Local Account |
Flame can create backdoor accounts with login “HelpAssistant” on domain connected systems if appropriate rights are available.(Citation: Kaspersky Flame)(Citation: Kaspersky Flame Functionality) |
| Enterprise | T1011 | .001 | Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth |
Flame has a module named BeetleJuice that contains Bluetooth functionality that may be used in different ways, including transmitting encoded information from the infected system over the Bluetooth protocol, acting as a Bluetooth beacon, and identifying other Bluetooth devices in the vicinity.(Citation: Symantec Beetlejuice) |
| Enterprise | T1518 | .001 | Software Discovery: Security Software Discovery |
Flame identifies security software such as antivirus through the Security module.(Citation: Kaspersky Flame)(Citation: Kaspersky Flame Functionality) |
| Enterprise | T1218 | .011 | System Binary Proxy Execution: Rundll32 |
Rundll32.exe is used as a way of executing Flame at the command-line.(Citation: Crysys Skywiper) |
References
- Gostev, A. (2012, May 28). The Flame: Questions and Answers. Retrieved March 1, 2017.
- sKyWIper Analysis Team. (2012, May 31). sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks. Retrieved September 6, 2018.
- Symantec Security Response. (2012, May 31). Flamer: A Recipe for Bluetoothache. Retrieved February 25, 2017.
- Gostev, A. (2012, May 30). Flame: Bunny, Frog, Munch and BeetleJuice…. Retrieved March 1, 2017.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.