DnsSystem
ID: S1021
ⓘ
Type: MALWARE
ⓘ
Platforms: Windows
Version: 1.0
Created: 24 June 2022
Last Modified: 01 September 2022
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1005 | 从本地系统获取数据 |
DnsSystem can upload files from infected machines after receiving a command with |
|
| Enterprise | T1547 | .001 | 启动或登录自动启动执行: Registry Run Keys / Startup Folder |
DnsSystem can write itself to the Startup folder to gain persistence.[1] |
| Enterprise | T1059 | .003 | 命令与脚本解释器: Windows Command Shell | |
| Enterprise | T1071 | .004 | 应用层协议: DNS |
DnsSystem can direct queries to custom DNS servers and return C2 commands using TXT records.[1] |
| Enterprise | T1132 | .001 | 数据编码: Standard Encoding | |
| Enterprise | T1204 | .002 | 用户执行: Malicious File |
DnsSystem has lured victims into opening macro-enabled Word documents for execution.[1] |
| Enterprise | T1033 | 系统所有者/用户发现 |
DnsSystem can use the Windows user name to create a unique identification for infected users and systems.[1] |
|
| Enterprise | T1105 | 输入工具传输 |
DnsSystem can download files to compromised systems after receiving a command with the string |
|
| Enterprise | T1041 | 通过C2信道渗出 |
DnsSystem can exfiltrate collected data to its C2 server.[1] |
|