TinyZBot

TinyZBot is a bot written in C# that was developed by Cleaver. ^[1]

ID: S0004

ⓘ

Type: MALWARE

ⓘ

Platforms: Windows

Version: 1.1

Created: 31 May 2017

Last Modified: 22 July 2022

Techniques Used

Domain	ID		Name	Use
Enterprise	T1543	.003	创建或修改系统进程: Windows Service	TinyZBot can install as a Windows service for persistence.^[1]
Enterprise	T1115		剪贴板数据	TinyZBot contains functionality to collect information from the clipboard.^[1]
Enterprise	T1547	.001	启动或登录自动启动执行: Registry Run Keys / Startup Folder	TinyZBot can create a shortcut in the Windows startup folder for persistence.^[1]
		.009	启动或登录自动启动执行: Shortcut Modification	TinyZBot can create a shortcut in the Windows startup folder for persistence.^[1]
Enterprise	T1059	.003	命令与脚本解释器: Windows Command Shell	TinyZBot supports execution from the command-line.^[1]
Enterprise	T1562	.001	妨碍防御: Disable or Modify Tools	TinyZBot can disable Avira anti-virus.^[1]
Enterprise	T1113		屏幕捕获	TinyZBot contains screen capture functionality.^[1]
Enterprise	T1056	.001	输入捕获: Keylogging	TinyZBot contains keylogger functionality.^[1]

Groups That Use This Software

ID	Name	References
G0003	Cleaver	^[1]

References

Cylance. (2014, December). Operation Cleaver. Retrieved September 14, 2017.