EnvyScout
Techniques Used |
||||
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
EnvyScout can use cmd.exe to execute malicious files on compromised hosts.(Citation: MSTIC Nobelium Toolset May 2021) |
.007 | Command and Scripting Interpreter: JavaScript |
EnvyScout can write files to disk with JavaScript using a modified version of the open-source tool FileSaver.(Citation: MSTIC Nobelium Toolset May 2021) |
||
Enterprise | T1564 | .001 | Hide Artifacts: Hidden Files and Directories |
EnvyScout can use hidden directories and files to hide malicious executables.(Citation: MSTIC Nobelium Toolset May 2021) |
Enterprise | T1027 | .006 | Obfuscated Files or Information: HTML Smuggling |
EnvyScout contains JavaScript code that can extract an encoded blob from its HTML body and write it to disk.(Citation: MSTIC Nobelium Toolset May 2021) |
.013 | Obfuscated Files or Information: Encrypted/Encoded File |
EnvyScout can Base64 encode payloads.(Citation: MSTIC Nobelium Toolset May 2021) |
||
Enterprise | T1566 | .001 | Phishing: Spearphishing Attachment |
EnvyScout has been distributed via spearphishing as an email attachment.(Citation: MSTIC Nobelium Toolset May 2021) |
Enterprise | T1218 | .011 | System Binary Proxy Execution: Rundll32 |
EnvyScout has the ability to proxy execution of malicious files with Rundll32.(Citation: MSTIC Nobelium Toolset May 2021) |
Enterprise | T1204 | .002 | User Execution: Malicious File |
EnvyScout has been executed through malicious files attached to e-mails.(Citation: MSTIC Nobelium Toolset May 2021) |
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.