IronNetInjector
Techniques Used

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1059.006 | Command and Scripting Interpreter: Python | IronNetInjector can use IronPython scripts to load payloads with the help of a .NET injector.(Citation: Unit 42 IronNetInjector February 2021)
Enterprise | T1036.004 | Masquerading: Masquerade Task or Service | IronNetInjector has been disguised as a legitimate service using the name PythonUpdateSrvc.(Citation: Unit 42 IronNetInjector February 2021)
Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File | IronNetInjector can obfuscate variable names, encrypt strings, as well as base64 encode and Rijndael encrypt payloads.(Citation: Unit 42 IronNetInjector February 2021)
Enterprise | T1055.001 | Process Injection: Dynamic-link Library Injection | IronNetInjector has the ability to inject a DLL into running processes, including the IronNetInjector DLL into explorer.exe.(Citation: Unit 42 IronNetInjector February 2021)
Enterprise | T1053.005 | Scheduled Task/Job: Scheduled Task | IronNetInjector has used a task XML file named