down_new is a downloader that has been used by BRONZE BUTLER since at least 2019.[1]
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1573.001 | Encrypted Channel: Symmetric Cryptography | down_new has the ability to AES encrypt C2 communications.[1] |
| Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | down_new has the ability to use HTTP in C2 communications.[1] |
| Enterprise | T1132.001 | Data Encoding: Standard Encoding | down_new has the ability to base64 encode C2 communications.[1] |
| Enterprise | T1083 | File and Directory Discovery | down_new has the ability to list the directories on a compromised host.[1] |
| Enterprise | T1082 | System Information Discovery | down_new has the ability to identify the system volume information of a compromised host.[1] |
| Enterprise | T1016 | System Network Configuration Discovery | down_new has the ability to identify the MAC address of a compromised host.[1] |
| Enterprise | T1518 | Software Discovery | down_new has the ability to gather information on installed applications.[1] |
| Enterprise | T1518.001 | Software Discovery: Security Software Discovery | down_new has the ability to detect anti-virus products and processes on a compromised host.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | down_new has the ability to download files to the compromised host.[1] |
| Enterprise | T1057 | Process Discovery | down_new has the ability to list running processes on a compromised host.[1] |
| ID | Name | References |
|---|---|---|
| G0060 | BRONZE BUTLER | |