ABK
ABK is a downloader that has been used by BRONZE BUTLER since at least 2019.[1]
ID: S0469
ⓘ
Type: MALWARE
ⓘ
Platforms: Windows
Version: 1.0
Created: 10 June 2020
Last Modified: 24 June 2020
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1140 | 反混淆/解码文件或信息 | ||
| Enterprise | T1059 | .003 | 命令与脚本解释器: Windows Command Shell |
ABK has the ability to use cmd to run a Portable Executable (PE) on the compromised host.[1] |
| Enterprise | T1071 | .001 | 应用层协议: Web Protocols |
ABK has the ability to use HTTP in communications with C2.[1] |
| Enterprise | T1027 | .003 | 混淆文件或信息: Steganography |
ABK can extract a malicious Portable Executable (PE) from a photo.[1] |
| Enterprise | T1518 | .001 | 软件发现: Security Software Discovery |
ABK has the ability to identify the installed anti-virus product on the compromised host.[1] |
| Enterprise | T1105 | 输入工具传输 | ||
| Enterprise | T1055 | 进程注入 |
ABK has the ability to inject shellcode into svchost.exe.[1] |
|
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0060 | BRONZE BUTLER |