ccf32
Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1560.001 | Archive Collected Data: Archive via Utility | ccf32 has used `xcopy \\ |
Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | ccf32 has used `cmd.exe` for archiving data and deleting files.(Citation: Bitdefender FunnyDream Campaign November 2020) |
Enterprise | T1074.001 | Data Staged: Local Data Staging | ccf32 can temporarily store files in a hidden directory on the local host.(Citation: Bitdefender FunnyDream Campaign November 2020) |
Enterprise | T1074.002 | Data Staged: Remote Data Staging | ccf32 has copied files to a remote machine infected with Chinoxy or another backdoor.(Citation: Bitdefender FunnyDream Campaign November 2020) |
Enterprise | T1048.003 | Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted Non-C2 Protocol | ccf32 can upload collected data and files to an FTP server.(Citation: Bitdefender FunnyDream Campaign November 2020) |
Enterprise | T1564.001 | Hide Artifacts: Hidden Files and Directories | ccf32 has created a hidden directory on targeted systems, naming it after the current local time (year, month, and day).(Citation: Bitdefender FunnyDream Campaign November 2020) |
Enterprise | T1070.004 | Indicator Removal: File Deletion | ccf32 can delete files and folders from compromised machines.(Citation: Bitdefender FunnyDream Campaign November 2020) |
Enterprise | T1053.005 | Scheduled Task/Job: Scheduled Task | ccf32 can run on a daily basis using a scheduled task.(Citation: Bitdefender FunnyDream Campaign November 2020) |