Keydnap
Associated Software Descriptions

| Name | Description |
|---|---|
| OSX/Keydnap | (Citation: OSX Keydnap malware) |
Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1548.001 | Abuse Elevation Control Mechanism: Setuid and Setgid | Keydnap adds the setuid flag to a binary so it can easily elevate privileges in the future.(Citation: OSX Keydnap malware) |
| Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | Keydnap uses HTTPS for command and control.(Citation: synack 2016 review) |
| Enterprise | T1059.006 | Command and Scripting Interpreter: Python | Keydnap uses Python scripting to execute additional commands.(Citation: synack 2016 review) |
| Enterprise | T1543.001 | Create or Modify System Process: Launch Agent | Keydnap uses a Launch Agent to persist.(Citation: synack 2016 review) |
| Enterprise | T1555.002 | Credentials from Password Stores: Securityd Memory | Keydnap uses the keychaindump project to read securityd memory.(Citation: synack 2016 review) |
| Enterprise | T1564.009 | Hide Artifacts: Resource Forking | Keydnap uses a resource fork to present a macOS JPEG or text file icon rather than the executable icon the operating system would otherwise assign.(Citation: OSX Keydnap malware) |
| Enterprise | T1056.002 | Input Capture: GUI Input Capture | Keydnap prompts users for credentials.(Citation: synack 2016 review) |
| Enterprise | T1036.006 | Masquerading: Space after Filename | Keydnap puts a space after a false .jpg extension so that execution actually goes through the Terminal.app program.(Citation: synack 2016 review) |
| Enterprise | T1090.003 | Proxy: Multi-hop Proxy | Keydnap uses a copy of the tor2web proxy for HTTPS communications.(Citation: synack 2016 review) |