Hildegard
Techniques Used

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1059.004 | Command and Scripting Interpreter: Unix Shell | Hildegard has used shell scripts for execution.(Citation: Unit 42 Hildegard Malware)
Enterprise | T1136.001 | Create Account: Local Account | Hildegard has created a local user named "monerodaemon".(Citation: Unit 42 Hildegard Malware)
Enterprise | T1543.002 | Create or Modify System Process: Systemd Service | Hildegard has started a monero systemd service.(Citation: Unit 42 Hildegard Malware)
Enterprise | T1574.006 | Hijack Execution Flow: Dynamic Linker Hijacking | Hildegard has modified /etc/ld.so.preload so that a library of its choosing is loaded into every dynamically linked process, intercepting imported shared library functions.(Citation: Unit 42 Hildegard Malware)
Enterprise | T1562.001 | Impair Defenses: Disable or Modify Tools | Hildegard has modified the host's DNS resolvers to evade DNS monitoring tools.(Citation: Unit 42 Hildegard Malware)
Enterprise | T1070.003 | Indicator Removal: Clear Command History | Hildegard has run `history -c` to clear the shell command history left by its scripts.(Citation: Unit 42 Hildegard Malware)
Enterprise | T1070.004 | Indicator Removal: File Deletion | Hildegard has deleted its scripts after execution.(Citation: Unit 42 Hildegard Malware)
Enterprise | T1036.004 | Masquerading: Masquerade Task or Service | Hildegard has disguised its processes as a known Linux process.(Citation: Unit 42 Hildegard Malware)
Enterprise | T1027.002 | Obfuscated Files or Information: Software Packing | Hildegard has packed ELF files into other binaries.(Citation: Unit 42 Hildegard Malware)
Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File | Hildegard has encrypted an ELF file.(Citation: Unit 42 Hildegard Malware)
Enterprise | T1496.001 | Resource Hijacking: Compute Hijacking | Hildegard has used xmrig to mine cryptocurrency on compromised hosts.(Citation: Unit 42 Hildegard Malware)
Enterprise | T1552.001 | Unsecured Credentials: Credentials In Files | Hildegard has searched for SSH keys, Docker credentials, and Kubernetes service account tokens.(Citation: Unit 42 Hildegard Malware)
Enterprise | T1552.004 | Unsecured Credentials: Private Keys | Hildegard has searched for private keys in .ssh directories.(Citation: Unit 42 Hildegard Malware)
Enterprise | T1552.005 | Unsecured Credentials: Cloud Instance Metadata API | Hildegard has queried the cloud instance metadata API for cloud credentials.(Citation: Unit 42 Hildegard Malware)
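As an added example (not from the ATT&CK page, the Unit 42 report, or the malware itself), the following Python host-triage routine checks for the host artefacts described in the T1574.006, T1136.001, T1562.001 and T1543.002 rows above: entries in /etc/ld.so.preload, a watch-listed local account, resolvers that differ from the expected in-cluster DNS address, and systemd units that name a miner. Every file content, the library path, the resolver address and the unit files are constructed for the example; on a real node you would read the files from disk instead.

```python
import re
from dataclasses import dataclass

# Constructed sample inputs (not captured from a real host); replace with
# the contents of the real files when running on a node.
LD_SO_PRELOAD = "/usr/local/lib/libprocesshider.so\n"  # hypothetical library path
PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "monerodaemon:x:1001:1001::/home/monerodaemon:/bin/bash\n"
    "nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n"
)
RESOLV_CONF = "search default.svc.cluster.local\nnameserver 8.8.8.8\n"
EXPECTED_RESOLVERS = {"10.96.0.10"}  # assumed in-cluster DNS service address
SYSTEMD_UNITS = {  # unit path -> unit contents; both entries are hypothetical
    "/etc/systemd/system/monero.service": "[Service]\nExecStart=/usr/bin/xmrig -o pool.example:3333\n",
    "/lib/systemd/system/ssh.service": "[Service]\nExecStart=/usr/sbin/sshd -D\n",
}

MINER_RE = re.compile(r"monero|xmrig", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    technique: str  # ATT&CK sub-technique ID from the table above
    detail: str


def check_ld_preload(content: str) -> list[Finding]:
    """T1574.006: /etc/ld.so.preload is normally absent or empty; every
    non-comment entry is loaded into every dynamically linked process."""
    libs = [ln.strip() for ln in content.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]
    return [Finding("T1574.006", f"ld.so.preload injects {lib}") for lib in libs]


def check_local_accounts(passwd: str, watch: tuple[str, ...] = ("monerodaemon",)) -> list[Finding]:
    """T1136.001: flag watch-listed account names, plus any UID >= 1000 account
    with an empty GECOS field and a login shell (a crude sign of a scripted useradd)."""
    out = []
    for line in passwd.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip malformed lines rather than crash on them
        name, _, uid, _, gecos, _, shell = fields
        if name in watch:
            out.append(Finding("T1136.001", f"watch-listed account {name} present"))
        elif uid.isdigit() and int(uid) >= 1000 and not gecos and not shell.endswith("nologin"):
            out.append(Finding("T1136.001", f"unexpected login account {name}"))
    return out


def check_resolvers(resolv_conf: str, expected: set[str]) -> list[Finding]:
    """T1562.001: nameserver lines that bypass the expected resolver also
    bypass any DNS monitoring that sits behind it."""
    servers = [ln.split()[1] for ln in resolv_conf.splitlines()
               if ln.startswith("nameserver") and len(ln.split()) > 1]
    return [Finding("T1562.001", f"unexpected resolver {s}") for s in servers if s not in expected]


def check_systemd_units(units: dict[str, str]) -> list[Finding]:
    """T1543.002: unit file names or ExecStart= lines that reference a miner."""
    out = []
    for path, body in units.items():
        exec_lines = [ln for ln in body.splitlines() if ln.startswith("ExecStart=")]
        if MINER_RE.search(path) or any(MINER_RE.search(ln) for ln in exec_lines):
            out.append(Finding("T1543.002", f"miner-related unit {path}"))
    return out


def triage(ld_preload: str = LD_SO_PRELOAD, passwd: str = PASSWD,
           resolv_conf: str = RESOLV_CONF, expected_resolvers: set[str] = EXPECTED_RESOLVERS,
           units: dict[str, str] = SYSTEMD_UNITS) -> list[Finding]:
    """Run every check and return the combined findings in table order."""
    return (check_ld_preload(ld_preload) + check_local_accounts(passwd)
            + check_resolvers(resolv_conf, expected_resolvers) + check_systemd_units(units))


if __name__ == "__main__":
    for finding in triage():
        print(finding.technique, finding.detail)
```

On the constructed inputs the routine reports one finding per check. The ld.so.preload check is the one worth wiring into continuous monitoring: the file should not exist on a Kubernetes node, so any write to it is a high-signal event regardless of the library name.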