SOFTWARE
SOFTWARE
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
BlackMould
BlackMould is a web shell based on China Chopper for servers running Microsoft IIS. First reported in December 2019, it has been used in malicious campaigns by GALLIUM against telecommunication providers.[1]
ID: S0564
ⓘ
Type: MALWARE
ⓘ
Platforms: Windows
Version: 1.0
Created: 14 January 2021
Last Modified: 23 March 2021
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols |
BlackMould can send commands to C2 in the body of HTTP POST requests.[1] |
| Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
BlackMould can run cmd.exe with parameters.[1] |
| Enterprise | T1005 | Data from Local System |
BlackMould can copy files on a compromised host.[1] |
|
| Enterprise | T1083 | File and Directory Discovery |
BlackMould has the ability to find files on the targeted system.[1] |
|
| Enterprise | T1105 | Ingress Tool Transfer |
BlackMould has the ability to download files to the victim's machine.[1] |
|
| Enterprise | T1082 | System Information Discovery |
BlackMould can enumerate local drives on a compromised host.[1] |
|
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0093 | GALLIUM |
References
×