Lucifer
Techniques Used |
||||
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1547 | .001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder |
Lucifer can persist by setting Registry key values |
Enterprise | T1110 | .001 | Brute Force: Password Guessing |
Lucifer has attempted to brute force TCP ports 135 (RPC) and 1433 (MSSQL) with the default username or list of usernames and passwords.(Citation: Unit 42 Lucifer June 2020) |
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
Lucifer can issue shell commands to download and execute additional payloads.(Citation: Unit 42 Lucifer June 2020) |
Enterprise | T1573 | .001 | Encrypted Channel: Symmetric Cryptography |
Lucifer can perform a decremental-xor encryption on the initial C2 request before sending it over the wire.(Citation: Unit 42 Lucifer June 2020) |
Enterprise | T1070 | .001 | Indicator Removal: Clear Windows Event Logs |
Lucifer can clear and remove event logs.(Citation: Unit 42 Lucifer June 2020) |
Enterprise | T1027 | .002 | Obfuscated Files or Information: Software Packing |
Lucifer has used UPX packed binaries.(Citation: Unit 42 Lucifer June 2020) |
Enterprise | T1021 | .002 | Remote Services: SMB/Windows Admin Shares |
Lucifer can infect victims by brute forcing SMB.(Citation: Unit 42 Lucifer June 2020) |
Enterprise | T1496 | .001 | Resource Hijacking: Compute Hijacking |
Lucifer can use system resources to mine cryptocurrency, dropping XMRig to mine Monero.(Citation: Unit 42 Lucifer June 2020) |
Enterprise | T1053 | .005 | Scheduled Task/Job: Scheduled Task |
Lucifer has established persistence by creating the following scheduled task |
Enterprise | T1497 | .001 | Virtualization/Sandbox Evasion: System Checks |
Lucifer can check for specific usernames, computer names, device drivers, DLL's, and virtual devices associated with sandboxed environments and can enter an infinite loop and stop itself if any are detected.(Citation: Unit 42 Lucifer June 2020) |
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.