īisonal has the capability to download files to execute on the victim’s machine. īISCUIT has a command to download a file from the C2 server. īendyBear is designed to download an implant from a C2 server.
īBK has the ability to download files from C2 to the infected host. īazar can download and deploy additional payloads, including ransomware and post-exploitation frameworks such as Cobalt Strike.
īankshot uploads files and secondary payloads to the victim's machine. īandook can download files to the system. īadPatch can download and execute or update malware. īADNEWS is capable of downloading additional files through C2 channels, including a new version of itself. īADFLICK has download files from its C2 server. īackdoorDiplomacy has downloaded additional files and tools onto a compromised host. īackConfig can download and execute additional payloads on a compromised host. īabyShark has downloaded additional files from the C2. Azorult has also downloaded a ransomware payload called Hermes. Īzorult can download and execute additional files. Īvenger has the ability to download files from C2 to a compromised host. ĪuditCred can download files and additional malware. Īttor can download additional plugins, updates and other files. Īstaroth uses certutil and BITSAdmin to download additional malware. Īria-body has the ability to download additional payloads from C2. ĪPT41 used certutil to download additional files. ĪPT39 has downloaded tools to compromised hosts. ĪPT38 used a backdoor, NESTEGG, that has the capability to download and upload files to and from a victim’s machine. ĪPT37 has downloaded second stage malware from compromised websites. ĪPT33 has downloaded additional files and programs from its C2 server. ĪPT32 has added JavaScript to victim websites to download additional frameworks that profile and compromise website visitors. ĪPT3 has a tool that can copy files to remote machines. ĪPT29 has downloaded additional tools, such as TEARDROP malware and Cobalt Strike, to a compromised host following initial access. ĪPT28 has downloaded additional files, including by using a first-stage downloader to contact the C2 server to obtain the second-stage implant. ĪPT18 can upload a file to the victim’s machine. ĪPT-C-36 has downloaded binary data from a specified domain after the malicious document is opened. Īndariel has downloaded additional tools and malware onto compromised hosts. Ījax Security Team has used Wrapper/Gholee, custom-developed malware, which downloaded additional malware to the infected system. Īgent.btz attempts to download an encrypted binary from a specified domain. Īgent Tesla can download additional files for execution on the victim’s machine. ABK has the ability to download files from C2.
0 kommentar(er)
