Domain | ID | Name | Use
---|---|---|---
Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | Several tools used by Suckfly have been command-line driven.[2]
Enterprise | T1046 | Network Service Scanning | Suckfly scanned the victim's internal network for hosts with ports 8080, 5900, and 40 open.[2]
Enterprise | T1003 | OS Credential Dumping | Suckfly used a signed credential-dumping tool to obtain victim account credentials.[2]
Enterprise | T1553.002 | Subvert Trust Controls: Code Signing | Suckfly has used stolen certificates to sign its malware.[1]
Enterprise | T1078 | Valid Accounts | Suckfly used the legitimate account credentials it had dumped to move through the victim's internal network as though it were the legitimate account owner.[2]
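The Network Service Scanning row (T1046: hosts probed on ports 8080, 5900 and 40) describes behaviour that is easy to hunt for in connection logs: one internal source reaching many distinct hosts on the same small set of ports in a short window. The following is an added example, not code from the ATT&CK page or from the cited references; it assumes a simplified connection-log format (timestamp, source, destination, destination port, one line per connection) and the log lines in it are constructed for illustration, not data from a real intrusion.

```python
"""Sweep detection for the T1046 behaviour attributed to Suckfly above.

Added example. The log format (ts src dst dport, one connection per line)
is an assumption made for this illustration; the SAMPLE_CONN_LOG lines are
constructed, not captured from an incident.
"""
from collections import defaultdict

# Ports the page lists for Suckfly's internal scanning (T1046).
SUCKFLY_SCAN_PORTS = {8080, 5900, 40}

# Constructed log: host 10.0.0.5 sweeps six neighbours for all three ports;
# host 10.0.0.9 is ordinary traffic (repeat hits on one host, other ports).
SAMPLE_CONN_LOG = """\
2016-03-15T09:00:01 10.0.0.5 10.0.0.11 8080
2016-03-15T09:00:01 10.0.0.5 10.0.0.11 5900
2016-03-15T09:00:01 10.0.0.5 10.0.0.11 40
2016-03-15T09:00:02 10.0.0.5 10.0.0.12 8080
2016-03-15T09:00:02 10.0.0.5 10.0.0.12 5900
2016-03-15T09:00:02 10.0.0.5 10.0.0.12 40
2016-03-15T09:00:03 10.0.0.5 10.0.0.13 8080
2016-03-15T09:00:03 10.0.0.5 10.0.0.13 5900
2016-03-15T09:00:03 10.0.0.5 10.0.0.13 40
2016-03-15T09:00:04 10.0.0.5 10.0.0.14 8080
2016-03-15T09:00:04 10.0.0.5 10.0.0.14 5900
2016-03-15T09:00:04 10.0.0.5 10.0.0.14 40
2016-03-15T09:00:05 10.0.0.5 10.0.0.15 8080
2016-03-15T09:00:05 10.0.0.5 10.0.0.15 5900
2016-03-15T09:00:05 10.0.0.5 10.0.0.15 40
2016-03-15T09:00:06 10.0.0.5 10.0.0.16 8080
2016-03-15T09:00:06 10.0.0.5 10.0.0.16 5900
2016-03-15T09:00:06 10.0.0.5 10.0.0.16 40
2016-03-15T09:01:00 10.0.0.9 10.0.0.20 8080
2016-03-15T09:01:05 10.0.0.9 10.0.0.20 8080
2016-03-15T09:02:00 10.0.0.9 10.0.0.21 443
2016-03-15T09:03:00 10.0.0.9 10.0.0.22 445
"""


def parse_conn_log(text):
    """Return a list of (ts, src, dst, dport) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        try:
            records.append((ts, src, dst, int(port)))
        except ValueError:
            continue  # non-numeric port: drop rather than crash the detector
    return records


def find_port_sweeps(records, watched_ports=SUCKFLY_SCAN_PORTS, min_hosts=5):
    """Flag sources that reached at least min_hosts distinct destinations on a
    watched port. Returns {src: {port: sorted list of destinations}} holding
    only the (source, port) pairs that crossed the threshold. Distinct hosts
    are counted, not connections, so repeated hits on one server do not alert.
    """
    targets = defaultdict(lambda: defaultdict(set))
    for _ts, src, dst, dport in records:
        if dport in watched_ports:
            targets[src][dport].add(dst)

    alerts = {}
    for src, by_port in targets.items():
        hit = {p: sorted(d) for p, d in by_port.items() if len(d) >= min_hosts}
        if hit:
            alerts[src] = hit
    return alerts


def full_profile_sweeps(alerts, watched_ports=SUCKFLY_SCAN_PORTS):
    """Narrow alerts to sources that swept every watched port: the three-port
    combination, rather than any single port, is what matches the reported
    Suckfly behaviour and keeps a lone 8080 health-checker out of the result."""
    return [src for src, hit in alerts.items() if set(hit) == set(watched_ports)]


if __name__ == "__main__":
    found = find_port_sweeps(parse_conn_log(SAMPLE_CONN_LOG))
    for src, hit in found.items():
        for port, hosts in sorted(hit.items()):
            print(f"{src} reached {len(hosts)} hosts on port {port}")
    print("full-profile sweep from:", full_profile_sweeps(found))
```

The threshold and the per-port grouping are the tuning knobs: raise `min_hosts` on flat networks where vulnerability scanners legitimately touch many hosts, and allow-list those scanner IPs before calling `find_port_sweeps` rather than after, so their traffic never inflates the counts.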
ID | Name | References | Techniques
---|---|---|---
S0118 | Nidiran | [1][2] | Commonly Used Port, Create or Modify System Process: Windows Service, Ingress Tool Transfer, Masquerading: Masquerade Task or Service