| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | Several tools used by Suckfly have been command-line driven.[2] |
| Enterprise | T1003 | OS Credential Dumping | Suckfly used a signed credential-dumping tool to obtain victim account credentials.[2] |
| Enterprise | T1078 | Valid Accounts | Suckfly used legitimate account credentials that they dumped to navigate the internal victim network as though they were the legitimate account owner.[2] |
| Enterprise | T1046 | Network Service Discovery | Suckfly scanned the victim's internal network for hosts with ports 8080, 5900, and 40 open.[2] |
| Enterprise | T1553.002 | Subvert Trust Controls: Code Signing | Suckfly has used stolen certificates to sign its malware.[1] |
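The Network Service Discovery row above describes one internal host probing its neighbours on TCP 8080, 5900 and 40. The following detector is an added example, not code from the ATT&CK page or from the cited Symantec reporting: it reads constructed Zeek-style `conn.log` lines (the tab-separated field order `ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, conn_state` and the threshold of five distinct targets are assumptions for this example), groups connections by source, and flags a source that touches many hosts on those ports, also listing which (host, port) pairs answered so an analyst can see what the scan found open.

```python
"""Added example: detect Suckfly-style internal scanning of TCP 8080/5900/40.

Not from the ATT&CK page or Symantec's reports. Input is constructed
Zeek-style conn.log text; field order and thresholds are assumptions.
"""
from collections import defaultdict

# Ports the ATT&CK entry attributes to Suckfly's internal scanning.
SUCKFLY_PORTS = {8080, 5900, 40}
# Assumed threshold: one source contacting >= 5 distinct hosts on these ports.
MIN_DISTINCT_TARGETS = 5
# Zeek conn_state values indicating the responder completed the handshake,
# i.e. the port was open. S0 (SYN, no reply) and REJ (reset) mean closed.
OPEN_STATES = {"SF", "S1", "S2", "S3", "RSTO", "RSTR"}

# Constructed sample telemetry (not real data): 10.1.2.15 sweeps six hosts,
# two other sources make single benign connections, one UDP line is noise.
SAMPLE_CONN_LOG = "\n".join([
    "1459000001.1\t10.1.2.15\t51000\t10.1.3.1\t8080\ttcp\tS0",
    "1459000001.2\t10.1.2.15\t51001\t10.1.3.1\t5900\ttcp\tSF",
    "1459000001.3\t10.1.2.15\t51002\t10.1.3.1\t40\ttcp\tREJ",
    "1459000001.4\t10.1.2.15\t51003\t10.1.3.2\t8080\ttcp\tSF",
    "1459000001.5\t10.1.2.15\t51004\t10.1.3.2\t5900\ttcp\tS0",
    "1459000001.6\t10.1.2.15\t51005\t10.1.3.3\t8080\ttcp\tS0",
    "1459000001.7\t10.1.2.15\t51006\t10.1.3.4\t40\ttcp\tSF",
    "1459000001.8\t10.1.2.15\t51007\t10.1.3.5\t5900\ttcp\tS0",
    "1459000001.9\t10.1.2.15\t51008\t10.1.3.6\t8080\ttcp\tREJ",
    "1459000002.0\t10.1.2.20\t52000\t10.1.3.50\t8080\ttcp\tSF",
    "1459000002.1\t10.1.2.21\t52001\t10.1.3.9\t443\ttcp\tSF",
    "1459000002.2\t10.1.2.22\t52002\t10.1.3.1\t8080\tudp\tSF",
])


def parse_conn_log(text):
    """Parse tab-separated conn.log lines into dicts; skip comments/short rows."""
    events = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, orig_h, _orig_p, resp_h, resp_p, proto, state = fields[:7]
        events.append({
            "ts": float(ts),
            "src": orig_h,
            "dst": resp_h,
            "dport": int(resp_p),
            "proto": proto,
            "state": state,
        })
    return events


def find_scanners(events, ports=SUCKFLY_PORTS, min_targets=MIN_DISTINCT_TARGETS):
    """Return {source: summary} for sources sweeping >= min_targets hosts on `ports`."""
    probes = defaultdict(dict)  # src -> {(dst, dport): conn_state}
    for e in events:
        if e["proto"] == "tcp" and e["dport"] in ports:
            probes[e["src"]][(e["dst"], e["dport"])] = e["state"]

    alerts = {}
    for src, pairs in probes.items():
        hosts = {dst for dst, _ in pairs}
        if len(hosts) < min_targets:
            continue
        alerts[src] = {
            "hosts_probed": len(hosts),
            "ports": sorted({dport for _, dport in pairs}),
            # Targets whose handshake completed: what the sweep found open.
            "open": sorted(pair for pair, state in pairs.items() if state in OPEN_STATES),
        }
    return alerts


if __name__ == "__main__":
    for src, info in find_scanners(parse_conn_log(SAMPLE_CONN_LOG)).items():
        print(f"{src}: {info['hosts_probed']} hosts on ports {info['ports']}, open: {info['open']}")
```

The source-level grouping is what separates a sweep from a single legitimate connection to a VNC (5900) or proxy (8080) port; the `open` list mirrors the "hosts with ports open" result the actor was after and gives an analyst the same view of what was exposed.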
| ID | Name | References | Techniques |
|---|---|---|---|
| S0118 | Nidiran | [1][2] | Masquerading: Masquerade Task or Service, Create or Modify System Process: Windows Service, Ingress Tool Transfer |