Donut
Techniques Used

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | Donut can use HTTP to download previously staged shellcode payloads.(Citation: Donut Github)
Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell | Donut can generate shellcode outputs that execute via PowerShell.(Citation: Donut Github)
Enterprise | T1059.005 | Command and Scripting Interpreter: Visual Basic | Donut can generate shellcode outputs that execute via VBScript.(Citation: Donut Github)
Enterprise | T1059.006 | Command and Scripting Interpreter: Python | Donut can generate shellcode outputs that execute via Python.(Citation: Donut Github)
Enterprise | T1059.007 | Command and Scripting Interpreter: JavaScript | Donut can generate shellcode outputs that execute via JavaScript or JScript.(Citation: Donut Github)
Enterprise | T1562.001 | Impair Defenses: Disable or Modify Tools | Donut can patch Antimalware Scan Interface (AMSI), Windows Lockdown Policy (WLDP), as well as exit-related Native API functions to avoid process termination.(Citation: Donut Github)
Enterprise | T1027.002 | Obfuscated Files or Information: Software Packing | Donut can generate packed code modules.(Citation: Donut Github)

Groups That Use This Software

ID | Name | References
---|---|---
G0119 | Indrik Spider | (Citation: NCC Group WastedLocker June 2020)

References
- Antenucci, S., Pantazopoulos, N., Sandee, M. (2020, June 23). WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group. Retrieved September 14, 2021.
- The Wover. (2019, May 9). Donut - Injecting .NET Assemblies as Shellcode. Retrieved October 4, 2021.
- TheWover. (2019, May 9). donut. Retrieved March 25, 2022.