SpeakUp
Techniques Used |
||||
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols |
SpeakUp uses POST and GET requests over HTTP to communicate with its main C&C server. (Citation: CheckPoint SpeakUp Feb 2019) |
Enterprise | T1110 | .001 | Brute Force: Password Guessing |
SpeakUp can perform brute forcing using a pre-defined list of usernames and passwords in an attempt to log in to administrative panels. (Citation: CheckPoint SpeakUp Feb 2019) |
Enterprise | T1059 | .006 | Command and Scripting Interpreter: Python |
SpeakUp uses Python scripts.(Citation: CheckPoint SpeakUp Feb 2019) |
Enterprise | T1132 | .001 | Data Encoding: Standard Encoding |
SpeakUp encodes C&C communication using Base64. (Citation: CheckPoint SpeakUp Feb 2019) |
Enterprise | T1070 | .004 | Indicator Removal: File Deletion |
SpeakUp deletes files to remove evidence on the machine. (Citation: CheckPoint SpeakUp Feb 2019) |
Enterprise | T1027 | .013 | Obfuscated Files or Information: Encrypted/Encoded File |
SpeakUp encodes its second-stage payload with Base64. (Citation: CheckPoint SpeakUp Feb 2019) |
Enterprise | T1053 | .003 | Scheduled Task/Job: Cron |
SpeakUp uses cron tasks to ensure persistence. (Citation: CheckPoint SpeakUp Feb 2019) |
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.