Class | Hoax
Platform | HTML
Family | Phish
Full name | HEUR:Hoax.HTML.Phish.gen
Examples | 10BD46333243E673E5D53C1293223EC3, F3BD2F514707935324DE90BC8CBF3D97, 0A4007C9E1DD22A6BCAE98A736912A66, 613459845347AFB99B0D9E032DE79E30, 5721D37DB9AC189FE01F23074206B68E
Updated at | 2023-12-27 03:40:38
Tactics & techniques (MITRE*)

TA0007 Discovery
The adversary is trying to figure out your environment. Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what's around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.

T1082 System Information Discovery
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

Tools such as Systeminfo can be used to gather detailed system information. If running with privileged access, a breakdown of system data can be gathered through the systemsetup configuration tool on macOS. As an example, adversaries with user-level access can execute the df -aH command to obtain currently mounted disks and associated freely available space. Adversaries may also leverage a Network Device CLI on network devices to gather detailed system information (e.g. show version).(Citation: US-CERT-TA18-106A) System Information Discovery combined with information gathered from other forms of discovery and reconnaissance can drive payload development and concealment.(Citation: OSX.FairyTale)(Citation: 20 macOS Common Tools and Techniques)

Infrastructure as a Service (IaaS) cloud providers such as AWS, GCP, and Azure allow access to instance and virtual machine information via APIs. Successful authenticated API calls can return data such as the operating system platform and status of a particular instance or the model view of a virtual machine.(Citation: Amazon Describe Instance)(Citation: Google Instances Resource)(Citation: Microsoft Virtual Machine API)

TA0009 Collection
The adversary is trying to gather data of interest to their goal. Collection consists of techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary's objectives. Frequently, the next goal after collecting data is to steal (exfiltrate) the data. Common target sources include various drive types, browsers, audio, video, and email. Common collection methods include capturing screenshots and keyboard input.

T1113 Screen Capture
Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as CopyFromScreen, xwd, or screencapture.(Citation: CopyFromScreen .NET)(Citation: Antiquated Mac Malware)

* © 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.