SOFTWARE
WinMM
ID: S0059
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 30 March 2020
Techniques Used

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | 
Enterprise | T1008 | Fallback Channels | WinMM is usually configured with primary and backup domains for C2 communications.[1]
Enterprise | T1083 | File and Directory Discovery | WinMM sets a WH_CBT Windows hook to search for and capture files on the victim.[1]
Enterprise | T1057 | Process Discovery | WinMM sets a WH_CBT Windows hook to collect information on process creation.[1]
Enterprise | T1082 | System Information Discovery | WinMM collects the system name, OS version including service pack, and system install date and sends the information to the C2 server.[1]
Enterprise | T1033 | System Owner/User Discovery | WinMM uses NetUserGetInfo to identify that it is running under an "Admin" account on the local system.[1]
Groups That Use This Software

ID | Name | References
---|---|---
G0019 | Naikon | 