Cybersecurity Threat Analysis

+----------+------------------------------------------------------------------+
| md5      | 3b9d26d2e7433749f2c32edb13a2b0a2                                 |
| sha1     | 969437df8f4ad08542ce8fc9831fc49a7765b7c5                         |
| sha256   | ae7bc6b6f6ecb206a7b957e4bb86e0d11845c5b2d9f7a00a482bef63b567ce4c |
| analysis | static                                                           |
| os       | windows                                                          |
| format   | pe                                                               |
| arch     | i386                                                             |
| path     | C:\Users\Administrator\Desktop\capa                              |
+----------+------------------------------------------------------------------+

+-----------------+-------------------------------------------------------------------------+
| ATT&CK Tactic   | ATT&CK Technique                                                        |
+-----------------+-------------------------------------------------------------------------+
| DEFENSE EVASION | Obfuscated Files or Information T1027                                   |
|                 | Obfuscated Files or Information::Indicator Removal from Tools T1027.005 |
|                 | Virtualization/Sandbox Evasion::System Checks T1497.001                 |
+-----------------+-------------------------------------------------------------------------+
| DISCOVERY       | File and Directory Discovery T1083                                      |
+-----------------+-------------------------------------------------------------------------+
| EXECUTION       | Command and Scripting Interpreter::PowerShell T1059.001                 |
|                 | Shared Modules T1129                                                    |
+-----------------+-------------------------------------------------------------------------+
| IMPACT          | Resource Hijacking T1496                                                |
+-----------------+-------------------------------------------------------------------------+
| PERSISTENCE     | Scheduled Task/Job::At T1053.002                                        |
|                 | Scheduled Task/Job::Scheduled Task T1053.005                            |
+-----------------+-------------------------------------------------------------------------+

+------------------+------------+
| MAEC Category    | MAEC Value |
+------------------+------------+
| malware-category | launcher   |
+------------------+------------+

+--------------------------+--------------------------------------------------------------------------+
| MBC Objective            | MBC Behavior                                                             |
+--------------------------+--------------------------------------------------------------------------+
| ANTI-BEHAVIORAL ANALYSIS | Virtual Machine Detection [B0009]                                        |
+--------------------------+--------------------------------------------------------------------------+
| ANTI-STATIC ANALYSIS     | Executable Code Obfuscation::Argument Obfuscation [B0032.020]            |
|                          | Executable Code Obfuscation::Stack Strings [B0032.017]                   |
+--------------------------+--------------------------------------------------------------------------+
| COMMUNICATION            | HTTP Communication [C0002]                                               |
|                          | HTTP Communication::Read Header [C0002.014]                              |
+--------------------------+--------------------------------------------------------------------------+
| DATA                     | Check String [C0019]                                                     |
|                          | Encode Data::Base64 [C0026.001]                                          |
|                          | Encode Data::XOR [C0026.002]                                             |
+--------------------------+--------------------------------------------------------------------------+
| DEFENSE EVASION          | Obfuscated Files or Information::Encoding-Standard Algorithm [E1027.m02] |
+--------------------------+--------------------------------------------------------------------------+
| DISCOVERY                | File and Directory Discovery [E1083]                                     |
+--------------------------+--------------------------------------------------------------------------+
| EXECUTION                | Command and Scripting Interpreter [E1059]                                |
+--------------------------+--------------------------------------------------------------------------+
| FILE SYSTEM              | Create Directory [C0046]                                                 |
|                          | Delete File [C0047]                                                      |
|                          | Read File [C0051]                                                        |
|                          | Writes File [C0052]                                                      |
+--------------------------+--------------------------------------------------------------------------+
| MEMORY                   | Allocate Memory [C0007]                                                  |
+--------------------------+--------------------------------------------------------------------------+
| PROCESS                  | Create Process [C0017]                                                   |
+--------------------------+--------------------------------------------------------------------------+

+------------------------------------------------------+----------------------------------------------+
| Capability                                           | Namespace                                    |
+------------------------------------------------------+----------------------------------------------+
| reference anti-VM strings                            | anti-analysis/anti-vm/vm-detection           |
| reference anti-VM strings targeting VMWare           | anti-analysis/anti-vm/vm-detection           |
| reference anti-VM strings targeting VirtualBox       | anti-analysis/anti-vm/vm-detection           |
| contain obfuscated stackstrings (2 matches)          | anti-analysis/obfuscation/string/stackstring |
| reference HTTP User-Agent string                     | communication/http                           |
| check HTTP status code                               | communication/http/client                    |
| reference Base64 string                              | data-manipulation/encoding/base64            |
| encode data using XOR                                | data-manipulation/encoding/xor               |
| contain a thread local storage (.tls) section        | executable/pe/section/tls                    |
| get common file path                                 | host-interaction/file-system                 |
| create directory                                     | host-interaction/file-system/create          |
| delete file                                          | host-interaction/file-system/delete          |
| read file on Windows (4 matches)                     | host-interaction/file-system/read            |
| write file on Windows (5 matches)                    | host-interaction/file-system/write           |
| get thread local storage value                       | host-interaction/process                     |
| create process on Windows                            | host-interaction/process/create              |
| allocate or change RWX memory                        | host-interaction/process/inject              |
| reference cryptocurrency strings                     | impact/cryptocurrency                        |
| link function at runtime on Windows (5 matches)      | linking/runtime-linking                      |
| parse PE header (4 matches)                          | load-code/pe                                 |
| resolve function by parsing PE exports (186 matches) | load-code/pe                                 |
| run PowerShell expression                            | load-code/powershell/                        |
| schedule task via at                                 | persistence/scheduled-tasks                  |
| schedule task via schtasks                           | persistence/scheduled-tasks                  |
+------------------------------------------------------+----------------------------------------------+
