PcShare
Techniques Used

Domain | ID | | Name | Use |
---|---|---|---|---|
Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols | PcShare has used HTTP for C2 communication. (Citation: Bitdefender FunnyDream Campaign November 2020) |
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell | PcShare can execute `cmd` commands on a compromised host. (Citation: Bitdefender FunnyDream Campaign November 2020) |
Enterprise | T1546 | .015 | Event Triggered Execution: Component Object Model Hijacking | PcShare has created the `HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32` Registry key for persistence. (Citation: Bitdefender FunnyDream Campaign November 2020) |
Enterprise | T1070 | .004 | Indicator Removal: File Deletion | PcShare has deleted its files and components from a compromised host. (Citation: Bitdefender FunnyDream Campaign November 2020) |
Enterprise | T1056 | .001 | Input Capture: Keylogging | PcShare has the ability to capture keystrokes. (Citation: Bitdefender FunnyDream Campaign November 2020) |
Enterprise | T1036 | .001 | Masquerading: Invalid Code Signature | PcShare has used an invalid certificate in an attempt to appear legitimate. (Citation: Bitdefender FunnyDream Campaign November 2020) |
Enterprise | T1036 | .005 | Masquerading: Match Legitimate Name or Location | PcShare has been named `wuauclt.exe` to appear as the legitimate Windows Update AutoUpdate Client. (Citation: Bitdefender FunnyDream Campaign November 2020) |
Enterprise | T1027 | .013 | Obfuscated Files or Information: Encrypted/Encoded File | PcShare has been encrypted with XOR using different 32-long Base16 strings and compressed with the LZW algorithm. (Citation: Bitdefender FunnyDream Campaign November 2020) |
Enterprise | T1218 | .011 | System Binary Proxy Execution: Rundll32 | PcShare has used `rundll32.exe` for execution. (Citation: Bitdefender FunnyDream Campaign November 2020) |