Linfo
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1005 | 从本地系统获取数据 |
Linfo creates a backdoor through which remote attackers can obtain data from local systems.[2] |
|
| Enterprise | T1059 | .003 | 命令与脚本解释器: Windows Command Shell |
Linfo creates a backdoor through which remote attackers can start a remote shell.[2] |
| Enterprise | T1008 | 回退信道 |
Linfo creates a backdoor through which remote attackers can change C2 servers.[2] |
|
| Enterprise | T1083 | 文件和目录发现 |
Linfo creates a backdoor through which remote attackers can list contents of drives and search for files.[2] |
|
| Enterprise | T1070 | .004 | 移除指标: File Deletion |
Linfo creates a backdoor through which remote attackers can delete files.[2] |
| Enterprise | T1082 | 系统信息发现 |
Linfo creates a backdoor through which remote attackers can retrieve system information.[2] |
|
| Enterprise | T1105 | 输入工具传输 |
Linfo creates a backdoor through which remote attackers can download files onto compromised hosts.[2] |
|
| Enterprise | T1057 | 进程发现 |
Linfo creates a backdoor through which remote attackers can retrieve a list of running processes.[2] |
|
| Enterprise | T1029 | 预定传输 |
Linfo creates a backdoor through which remote attackers can change the frequency at which compromised hosts contact remote C2 infrastructure.[2] |
|