TSCookie
Techniques Used |
||||
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols |
TSCookie can multiple protocols including HTTP and HTTPS in communication with command and control (C2) servers.(Citation: JPCert BlackTech Malware September 2019)(Citation: JPCert TSCookie March 2018) |
| Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
TSCookie has the ability to execute shell commands on the infected host.(Citation: JPCert TSCookie March 2018) |
| Enterprise | T1555 | .003 | Credentials from Password Stores: Credentials from Web Browsers |
TSCookie has the ability to steal saved passwords from the Internet Explorer, Edge, Firefox, and Chrome browsers.(Citation: JPCert TSCookie March 2018) |
| Enterprise | T1573 | .001 | Encrypted Channel: Symmetric Cryptography |
TSCookie has encrypted network communications with RC4.(Citation: JPCert TSCookie March 2018) |
| Enterprise | T1204 | .001 | User Execution: Malicious Link |
TSCookie has been executed via malicious links embedded in e-mails spoofing the Ministries of Education, Culture, Sports, Science and Technology of Japan.(Citation: JPCert TSCookie March 2018) |
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.