SpeakUp
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1059 | 命令与脚本解释器 | ||
| .006 | Python | |||
| Enterprise | T1203 | 客户端执行漏洞利用 |
SpeakUp attempts to exploit the following vulnerabilities in order to execute its malicious script: CVE-2012-0874, CVE-2010-1871, CVE-2017-10271, CVE-2018-2894, CVE-2016-3088, JBoss AS 3/4/5/6, and the Hadoop YARN ResourceManager. [1] |
|
| Enterprise | T1071 | .001 | 应用层协议: Web Protocols |
SpeakUp uses POST and GET requests over HTTP to communicate with its main C&C server. [1] |
| Enterprise | T1132 | .001 | 数据编码: Standard Encoding | |
| Enterprise | T1110 | .001 | 暴力破解: Password Guessing |
SpeakUp can perform brute forcing using a pre-defined list of usernames and passwords in an attempt to log in to administrative panels. [1] |
| Enterprise | T1027 | .013 | 混淆文件或信息: Encrypted/Encoded File | |
| Enterprise | T1070 | .004 | 移除指标: File Deletion |
SpeakUp deletes files to remove evidence on the machine. [1] |
| Enterprise | T1082 | 系统信息发现 |
SpeakUp uses the |
|
| Enterprise | T1033 | 系统所有者/用户发现 | ||
| Enterprise | T1049 | 系统网络连接发现 | ||
| Enterprise | T1016 | 系统网络配置发现 | ||
| Enterprise | T1046 | 网络服务发现 |
SpeakUp checks for availability of specific ports on servers.[1] |
|
| Enterprise | T1105 | 输入工具传输 |
SpeakUp downloads and executes additional files from a remote server. [1] |
|
| Enterprise | T1053 | .003 | 预定任务/作业: Cron | |