Class | Trojan
Platform | Win32
Family | Inject
Full name | Trojan.Win32.Inject.aohmf
Examples (MD5) | CA3311C1497B2F28142D2403FFAE2D0E
 | 494DA86DD3CA69692F2FB503B74A8D6A
 | 2E8DF7020FA1E8313104E23FF1B9AA9B
 | 10DDB2F8D6E88EFD1D1838082411155E
 | 45684A987B6F9A998DEA1D184B95853A
Updated at | 2024-01-22 14:05:03
Tactics & techniques (MITRE ATT&CK*)

TA0007 Discovery
The adversary is trying to figure out your environment. Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what's around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.

T1518.001 Software Discovery: Security Software Discovery
Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

Example commands that can be used to obtain security software information are netsh, reg query with Reg, dir with cmd, and Tasklist, but other indicators of discovery behavior may be more specific to the type of software or security system the adversary is looking for. It is becoming more common to see macOS malware perform checks for LittleSnitch and KnockKnock software. Adversaries may also utilize cloud APIs to discover the configurations of firewall rules within an environment. (Citation: Expel IO Evil in AWS) For example, the permitted IP ranges, ports or user accounts for the inbound/outbound rules of security groups, virtual firewalls established within AWS for EC2 and/or VPC instances, can be revealed by the DescribeSecurityGroups action with various request parameters. (Citation: DescribeSecurityGroups - Amazon Elastic Compute Cloud)

* © 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
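The T1518.001 description above names the command shapes a detection engineer would look for (netsh, reg query, dir, tasklist, and the DescribeSecurityGroups API). The following is an added example of detection logic for those shapes, written for this page; it is not code from Kaspersky or from MITRE. It runs a few regex rules over constructed, simplified process-creation events (Sysmon-style fields) and CloudTrail-style records. The AV product names, the registry key in the sample, and the allow-listed role ARN are assumptions chosen for the demonstration.

```python
"""Flag T1518.001 (Security Software Discovery) in Windows process-creation
and AWS CloudTrail events.

Added example for illustration; not code from the Kaspersky page or any
Kaspersky product. Event shapes are simplified, and the AV product names,
registry key and allow-listed role ARN are assumptions for the demo.
"""
import re
from dataclasses import dataclass

# Vendor / process strings an attacker typically greps for. Assumption: extend
# with whatever security software actually runs in your estate.
AV_NAMES = (r"(defender|msmpeng|kaspersky|avp|symantec|mcafee|crowdstrike|"
            r"csagent|sentinel|sophos|carbon ?black)")

# Each rule: (reason, compiled regex run against the full command line).
# The command shapes follow the MITRE description (tasklist, reg query, netsh,
# dir). A bare "tasklist" is deliberately NOT a rule: on its own it is far too
# common in normal administration to alert on.
HOST_RULES = [
    ("tasklist output filtered for security product process names",
     re.compile(r"tasklist.*\bfind(str)?\b.*" + AV_NAMES, re.I)),
    ("reg query of a security product / Security Center key",
     re.compile(r"\breg(\.exe)?\s+query\b.*(securitycenter|" + AV_NAMES + ")", re.I)),
    ("netsh dump of host firewall configuration",
     re.compile(r"\bnetsh\b.*firewall\s+show\b", re.I)),
    ("dir listing probing for a security product install directory",
     re.compile(r"\bdir\b.*program files.*" + AV_NAMES, re.I)),
]

# Principals expected to enumerate security groups (assumption: a config
# recorder / CSPM role). Any other caller of DescribeSecurityGroups is surfaced.
ALLOWED_SG_READERS = {"arn:aws:iam::111122223333:role/ConfigRecorder"}


@dataclass
class Finding:
    event_id: str
    technique: str
    reason: str


def check_process_event(ev: dict):
    """Return a Finding if the command line matches a host rule, else None."""
    cmd = ev.get("cmdline", "")
    for reason, rx in HOST_RULES:
        if rx.search(cmd):
            return Finding(ev["id"], "T1518.001", reason)
    return None


def check_cloudtrail_event(ev: dict):
    """Return a Finding for DescribeSecurityGroups from a non-allow-listed principal."""
    if ev.get("eventName") != "DescribeSecurityGroups":
        return None
    arn = ev.get("userIdentity", {}).get("arn", "")
    if arn in ALLOWED_SG_READERS:
        return None
    return Finding(ev["eventID"], "T1518.001",
                   f"DescribeSecurityGroups called by unexpected principal {arn}")


def scan(events):
    """Dispatch each event to the right checker; collect findings in input order."""
    findings = []
    for ev in events:
        f = check_cloudtrail_event(ev) if "eventName" in ev else check_process_event(ev)
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample events (not taken from any real incident or from the page).
SAMPLE_EVENTS = [
    {"id": "p1", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'cmd /c tasklist /svc | findstr /i "msmpeng csagent"'},
    {"id": "p2", "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r'reg query "HKLM\SOFTWARE\Microsoft\Windows Defender" /v DisableAntiSpyware'},
    {"id": "p3", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh advfirewall show allprofiles state"},
    {"id": "p4", "image": r"C:\Windows\System32\tasklist.exe",
     "cmdline": "tasklist /svc"},  # unfiltered listing: no finding by design
    {"id": "p5", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'cmd /c dir "C:\\Program Files\\Windows Defender"'},
    {"eventID": "c1", "eventName": "DescribeSecurityGroups",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor-tmp"},
     "requestParameters": {"filterSet": {}}},
    {"eventID": "c2", "eventName": "DescribeSecurityGroups",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/ConfigRecorder"}},
    {"eventID": "c3", "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor-tmp"}},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.event_id}: [{f.technique}] {f.reason}")
```

On the sample input this flags p1, p2, p3, p5 and c1 and stays silent on the bare `tasklist /svc`, the allow-listed ConfigRecorder role and the unrelated DescribeInstances call. In production the host rules are best treated as weak signals and correlated with what follows in the same process tree (the description's point is that the adversary uses the answer to decide whether to proceed), and the CloudTrail allow-list should be maintained from the real set of scanners and automation that legitimately read security groups.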