Name | Description |
---|---|
Backdoor.APT.CookieCutter | |
Pirpi |
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1087 | .001 | Account Discovery: Local Account |
SHOTPUT has a command to retrieve information about connected users.[3] |
Enterprise | T1083 | File and Directory Discovery | ||
Enterprise | T1027 | Obfuscated Files or Information |
SHOTPUT is obscured using XOR encoding and appended to a valid GIF file.[1][3] |
|
Enterprise | T1057 | Process Discovery | ||
Enterprise | T1018 | Remote System Discovery |
SHOTPUT has a command to list all servers in the domain, as well as one to locate domain controllers on a domain.[3] |
|
Enterprise | T1049 | System Network Connections Discovery |
ID | Name | References |
---|---|---|
G0022 | APT3 |