NDiskMonitor is a custom backdoor written in .NET that appears to be unique to Patchwork. [1]
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1573.001 | Encrypted Channel: Symmetric Cryptography | NDiskMonitor uses AES to encrypt certain information sent over its C2 channel.[1] |
| Enterprise | T1083 | File and Directory Discovery | NDiskMonitor can obtain a list of all files and directories as well as logical drives.[1] |
| Enterprise | T1082 | System Information Discovery | NDiskMonitor obtains the victim computer name and encrypts the information to send over its C2 channel.[1] |
| Enterprise | T1033 | System Owner/User Discovery | NDiskMonitor obtains the victim username and encrypts the information to send over its C2 channel.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | NDiskMonitor can download and execute a file from a given URL.[1] |