BLINDINGCAN
Techniques Used |
||||
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols |
BLINDINGCAN has used HTTPS over port 443 for command and control.(Citation: US-CERT BLINDINGCAN Aug 2020) |
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
BLINDINGCAN has executed commands via cmd.exe.(Citation: US-CERT BLINDINGCAN Aug 2020) |
Enterprise | T1132 | .001 | Data Encoding: Standard Encoding |
BLINDINGCAN has encoded its C2 traffic with Base64.(Citation: US-CERT BLINDINGCAN Aug 2020) |
Enterprise | T1573 | .001 | Encrypted Channel: Symmetric Cryptography |
BLINDINGCAN has encrypted its C2 traffic with RC4.(Citation: US-CERT BLINDINGCAN Aug 2020) |
Enterprise | T1070 | .004 | Indicator Removal: File Deletion |
BLINDINGCAN has deleted itself and associated artifacts from victim machines.(Citation: US-CERT BLINDINGCAN Aug 2020) |
.006 | Indicator Removal: Timestomp |
BLINDINGCAN has modified file and directory timestamps.(Citation: US-CERT BLINDINGCAN Aug 2020)(Citation: NHS UK BLINDINGCAN Aug 2020) |
||
Enterprise | T1036 | .005 | Masquerading: Match Legitimate Name or Location |
BLINDINGCAN has attempted to hide its payload by using legitimate file names such as "iconcache.db".(Citation: US-CERT BLINDINGCAN Aug 2020) |
Enterprise | T1027 | .002 | Obfuscated Files or Information: Software Packing |
BLINDINGCAN has been packed with the UPX packer.(Citation: US-CERT BLINDINGCAN Aug 2020) |
.013 | Obfuscated Files or Information: Encrypted/Encoded File |
BLINDINGCAN has obfuscated code using Base64 encoding.(Citation: US-CERT BLINDINGCAN Aug 2020) |
||
Enterprise | T1566 | .001 | Phishing: Spearphishing Attachment |
BLINDINGCAN has been delivered by phishing emails containing malicious Microsoft Office documents.(Citation: US-CERT BLINDINGCAN Aug 2020) |
Enterprise | T1553 | .002 | Subvert Trust Controls: Code Signing |
BLINDINGCAN has been signed with code-signing certificates such as CodeRipper.(Citation: US-CERT BLINDINGCAN Aug 2020) |
Enterprise | T1218 | .011 | System Binary Proxy Execution: Rundll32 |
BLINDINGCAN has used Rundll32 to load a malicious DLL.(Citation: US-CERT BLINDINGCAN Aug 2020) |
Enterprise | T1204 | .002 | User Execution: Malicious File |
BLINDINGCAN has lured victims into executing malicious macros embedded within Microsoft Office documents.(Citation: US-CERT BLINDINGCAN Aug 2020) |
Groups That Use This Software |
||
ID | Name | References |
---|---|---|
G0032 | Lazarus Group |
(Citation: US-CERT BLINDINGCAN Aug 2020) |
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.