KEYMARBLE
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1112 | 修改注册表 |
KEYMARBLE has a command to create Registry entries for storing data under |
|
| Enterprise | T1573 | .001 | 加密通道: Symmetric Cryptography |
KEYMARBLE uses a customized XOR algorithm to encrypt C2 communications.[1] |
| Enterprise | T1059 | .003 | 命令与脚本解释器: Windows Command Shell | |
| Enterprise | T1113 | 屏幕捕获 |
KEYMARBLE can capture screenshots of the victim’s machine.[1] |
|
| Enterprise | T1083 | 文件和目录发现 |
KEYMARBLE has a command to search for files on the victim’s machine.[1] |
|
| Enterprise | T1070 | .004 | 移除指标: File Deletion |
KEYMARBLE has the capability to delete files off the victim’s machine.[1] |
| Enterprise | T1082 | 系统信息发现 |
KEYMARBLE has the capability to collect the computer name, language settings, the OS version, CPU information, disk devices, and time elapsed since system start.[1] |
|
| Enterprise | T1016 | 系统网络配置发现 |
KEYMARBLE gathers the MAC address of the victim’s machine.[1] |
|
| Enterprise | T1105 | 输入工具传输 |
KEYMARBLE can upload files to the victim’s machine and can download additional payloads.[1] |
|
| Enterprise | T1057 | 进程发现 |
KEYMARBLE can obtain a list of running processes on the system.[1] |
|
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0032 | Lazarus Group |