CookieMiner
Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059.004 | Command and Scripting Interpreter: Unix Shell | CookieMiner has used a Unix shell script to run a series of commands targeting macOS. (Citation: Unit42 CookieMiner Jan 2019) |
| Enterprise | T1059.006 | Command and Scripting Interpreter: Python | CookieMiner has used python scripts on the user’s system, as well as the Python variant of the Empire agent, EmPyre. (Citation: Unit42 CookieMiner Jan 2019) |
| Enterprise | T1543.001 | Create or Modify System Process: Launch Agent | CookieMiner has installed multiple new Launch Agents in order to maintain persistence for cryptocurrency mining software. (Citation: Unit42 CookieMiner Jan 2019) |
| Enterprise | T1555.003 | Credentials from Password Stores: Credentials from Web Browsers | CookieMiner can steal saved usernames and passwords in Chrome as well as credit card credentials. (Citation: Unit42 CookieMiner Jan 2019) |
| Enterprise | T1048.003 | Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted Non-C2 Protocol | CookieMiner has used the |
| Enterprise | T1562.004 | Impair Defenses: Disable or Modify System Firewall | CookieMiner has checked for the presence of "Little Snitch", macOS network monitoring and application firewall software, stopping and exiting if it is found. (Citation: Unit42 CookieMiner Jan 2019) |
| Enterprise | T1518.001 | Software Discovery: Security Software Discovery | CookieMiner has checked for the presence of "Little Snitch", macOS network monitoring and application firewall software, stopping and exiting if it is found. (Citation: Unit42 CookieMiner Jan 2019) |