StealBit
Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | StealBit can use HTTP to exfiltrate files to actor-controlled infrastructure.(Citation: FBI Lockbit 2.0 FEB 2022)(Citation: Cybereason StealBit Exfiltration Tool) |
Enterprise | T1562.006 | Impair Defenses: Indicator Blocking | StealBit can configure processes to not display certain Windows error messages through use of `NtSetInformationProcess`.(Citation: Cybereason StealBit Exfiltration Tool) |
Enterprise | T1070.004 | Indicator Removal: File Deletion | StealBit can self-delete its executable file from the compromised system.(Citation: Cybereason StealBit Exfiltration Tool)(Citation: FBI Lockbit 2.0 FEB 2022) |
Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File | StealBit stores obfuscated DLL file names in its executable.(Citation: Cybereason StealBit Exfiltration Tool) |
Enterprise | T1614.001 | System Location Discovery: System Language Discovery | StealBit can determine system location based on the default language setting and will not execute on systems located in former Soviet countries.(Citation: Cybereason StealBit Exfiltration Tool) |