BISCUIT
ID: S0017
ⓘ
Type: MALWARE
ⓘ
Platforms: Windows
Version: 1.3
Created: 31 May 2017
Last Modified: 26 December 2023
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1573 | .002 | 加密通道: Asymmetric Cryptography | |
| Enterprise | T1059 | .003 | 命令与脚本解释器: Windows Command Shell |
BISCUIT has a command to launch a command shell on the system.[2] |
| Enterprise | T1008 | 回退信道 |
BISCUIT malware contains a secondary fallback command and control server that is contacted after the primary command and control server.[1][2] |
|
| Enterprise | T1113 | 屏幕捕获 |
BISCUIT has a command to periodically take screenshots of the system.[2] |
|
| Enterprise | T1082 | 系统信息发现 |
BISCUIT has a command to collect the processor type, operation system, computer name, and whether the system is a laptop or PC.[1] |
|
| Enterprise | T1033 | 系统所有者/用户发现 |
BISCUIT has a command to gather the username from the system.[2] |
|
| Enterprise | T1124 | 系统时间发现 | ||
| Enterprise | T1105 | 输入工具传输 |
BISCUIT has a command to download a file from the C2 server.[2] |
|
| Enterprise | T1056 | .001 | 输入捕获: Keylogging | |
| Enterprise | T1057 | 进程发现 |
BISCUIT has a command to enumerate running processes and identify their owners.[2] |
|