LitePower
ID: S0680
ⓘ
Type: MALWARE
ⓘ
Platforms: Windows
Version: 1.0
Created: 02 February 2022
Last Modified: 16 April 2022
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1059 | .001 | 命令与脚本解释器: PowerShell |
LitePower can use a PowerShell script to execute commands.[1] |
| Enterprise | T1113 | 屏幕捕获 |
LitePower can take system screenshots and save them to |
|
| Enterprise | T1071 | .001 | 应用层协议: Web Protocols | |
| Enterprise | T1106 | 本机API | ||
| Enterprise | T1012 | 查询注册表 |
LitePower can query the Registry for keys added to execute COM hijacking.[1] |
|
| Enterprise | T1082 | 系统信息发现 |
LitePower has the ability to list local drives and enumerate the OS architecture.[1] |
|
| Enterprise | T1033 | 系统所有者/用户发现 |
LitePower can determine if the current user has admin privileges.[1] |
|
| Enterprise | T1518 | .001 | 软件发现: Security Software Discovery | |
| Enterprise | T1105 | 输入工具传输 |
LitePower has the ability to download payloads containing system commands to a compromised host.[1] |
|
| Enterprise | T1041 | 通过C2信道渗出 |
LitePower can send collected data, including screenshots, over its C2 channel.[1] |
|
| Enterprise | T1053 | .005 | 预定任务/作业: Scheduled Task |
LitePower can create a scheduled task to enable persistence mechanisms.[1] |