Flagpro
Techniques Used

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | Flagpro can communicate with its C2 using HTTP.(Citation: NTT Security Flagpro new December 2021)
Enterprise | T1547.001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | Flagpro has dropped an executable file to the startup directory.(Citation: NTT Security Flagpro new December 2021)
Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | Flagpro can use `cmd.exe` to execute commands received from C2.(Citation: NTT Security Flagpro new December 2021)
Enterprise | T1059.005 | Command and Scripting Interpreter: Visual Basic | Flagpro can execute malicious VBA macros embedded in .xlsm files.(Citation: NTT Security Flagpro new December 2021)
Enterprise | T1132.001 | Data Encoding: Standard Encoding | Flagpro has encoded bidirectional data communications between a target system and C2 server using Base64.(Citation: NTT Security Flagpro new December 2021)
Enterprise | T1069.001 | Permission Groups Discovery: Local Groups | Flagpro has been used to execute the
Enterprise | T1566.001 | Phishing: Spearphishing Attachment | Flagpro has been distributed via spearphishing as an email attachment.(Citation: NTT Security Flagpro new December 2021)
Enterprise | T1614.001 | System Location Discovery: System Language Discovery | Flagpro can check whether the target system is using Japanese, Taiwanese, or English through detection of specific Windows Security and Internet Explorer dialog.(Citation: NTT Security Flagpro new December 2021)
Enterprise | T1204.002 | User Execution: Malicious File | Flagpro has relied on users clicking a malicious attachment delivered through spearphishing.(Citation: NTT Security Flagpro new December 2021)