CARROTBALL is an FTP downloader utility that has been in use since at least 2019. CARROTBALL has been used as a downloader to install SYSCON.[1]

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1071.002 | Application Layer Protocol: File Transfer Protocols | CARROTBALL has the ability to use FTP in C2 communications.[1] |
| Enterprise | T1027 | Obfuscated Files or Information | CARROTBALL has used a custom base64 alphabet to decode files.[1] |
| Enterprise | T1204.002 | User Execution: Malicious File | CARROTBALL has been executed through users being lured into opening malicious e-mail attachments.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | CARROTBALL has the ability to download and install a remote payload.[1] |