KGH_SPY
Techniques Used

Domain | ID | Sub-technique | Name | Use |
---|---|---|---|---|
Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols | KGH_SPY can send data to C2 with HTTP POST requests.(Citation: Cybereason Kimsuky November 2020) |
Enterprise | T1037 | .001 | Boot or Logon Initialization Scripts: Logon Script (Windows) | KGH_SPY has the ability to set the |
Enterprise | T1059 | .001 | Command and Scripting Interpreter: PowerShell | KGH_SPY can execute PowerShell commands on the victim's machine.(Citation: Cybereason Kimsuky November 2020) |
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell | KGH_SPY has the ability to set a Registry key to run a cmd.exe command.(Citation: Cybereason Kimsuky November 2020) |
Enterprise | T1555 | .003 | Credentials from Password Stores: Credentials from Web Browsers | KGH_SPY has the ability to steal data from the Chrome, Edge, Firefox, Thunderbird, and Opera browsers.(Citation: Cybereason Kimsuky November 2020) |
Enterprise | T1555 | .004 | Credentials from Password Stores: Windows Credential Manager | KGH_SPY can collect credentials from the Windows Credential Manager.(Citation: Cybereason Kimsuky November 2020) |
Enterprise | T1074 | .001 | Data Staged: Local Data Staging | KGH_SPY can save collected system information to a file named "info" before exfiltration.(Citation: Cybereason Kimsuky November 2020) |
Enterprise | T1114 | .001 | Email Collection: Local Email Collection | KGH_SPY can harvest data from mail clients.(Citation: Cybereason Kimsuky November 2020) |
Enterprise | T1056 | .001 | Input Capture: Keylogging | KGH_SPY can perform keylogging by polling the |
Enterprise | T1036 | .005 | Masquerading: Match Legitimate Name or Location | KGH_SPY has masqueraded as a legitimate Windows tool.(Citation: Cybereason Kimsuky November 2020) |
Enterprise | T1027 | .013 | Obfuscated Files or Information: Encrypted/Encoded File | KGH_SPY has used encrypted strings in its installer.(Citation: Cybereason Kimsuky November 2020) |
Enterprise | T1204 | .002 | User Execution: Malicious File | KGH_SPY has been spread through Word documents containing malicious macros.(Citation: Cybereason Kimsuky November 2020) |