BITSAdmin
Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1048.003 | Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted Non-C2 Protocol | BITSAdmin can be used to create BITS Jobs to upload files from a compromised host. (Citation: Microsoft BITSAdmin) |

Groups That Use This Software

ID | Name | References |
---|---|---|
G0102 | Wizard Spider | (Citation: Mandiant FIN12 Oct 2021) |
G0096 | APT41 | (Citation: FireEye APT41 March 2020) |
G1034 | Daggerfly | (Citation: Symantec Daggerfly 2023) |
G1001 | HEXANE | (Citation: Kaspersky Lyceum October 2021) |
G0065 | Leviathan | (Citation: FireEye Periscope March 2018) |
G0081 | Tropic Trooper | (Citation: TrendMicro Tropic Trooper Mar 2018) |
G0137 | Ferocious Kitten | (Citation: Kaspersky Ferocious Kitten Jun 2021) |

References
- Microsoft. (n.d.). BITSAdmin Tool. Retrieved January 12, 2018.
- Shilko, J., et al. (2021, October 7). FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets. Retrieved June 15, 2023.
- Glyer, C., et al. (2020, March). This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. Retrieved April 28, 2020.
- Threat Hunter Team. (2023, April 20). Daggerfly: APT Actor Targets Telecoms Company in Africa. Retrieved July 25, 2024.
- Kayal, A., et al. (2021, October). LYCEUM REBORN: COUNTERINTELLIGENCE IN THE MIDDLE EAST. Retrieved June 14, 2022.
- Microsoft. (2019, July 12). About BITS. Retrieved March 16, 2020.
- FireEye. (2018, March 16). Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries. Retrieved April 11, 2018.
- Horejsi, J., et al. (2018, March 14). Tropic Trooper’s New Strategy. Retrieved November 9, 2018.
- GReAT. (2021, June 16). Ferocious Kitten: 6 Years of Covert Surveillance in Iran. Retrieved September 22, 2021.