Aria-body
Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1134.001 | Access Token Manipulation: Token Impersonation/Theft | Aria-body has the ability to duplicate a token from ntprint.exe. (Citation: CheckPoint Naikon May 2020) |
| Enterprise | T1134.002 | Access Token Manipulation: Create Process with Token | Aria-body has the ability to execute a process using |
| Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | Aria-body has used HTTP in C2 communications. (Citation: CheckPoint Naikon May 2020) |
| Enterprise | T1547.001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | Aria-body has established persistence via the Startup folder or Run Registry key. (Citation: CheckPoint Naikon May 2020) |
| Enterprise | T1568.002 | Dynamic Resolution: Domain Generation Algorithms | Aria-body has the ability to use a DGA for C2 communications. (Citation: CheckPoint Naikon May 2020) |
| Enterprise | T1070.004 | Indicator Removal: File Deletion | Aria-body has the ability to delete files and directories on compromised hosts. (Citation: CheckPoint Naikon May 2020) |
| Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File | Aria-body has used an encrypted configuration file for its loader. (Citation: CheckPoint Naikon May 2020) |
| Enterprise | T1055.001 | Process Injection: Dynamic-link Library Injection | Aria-body has the ability to inject itself into another process such as rundll32.exe and dllhost.exe. (Citation: CheckPoint Naikon May 2020) |