Bonadan
ID: S0486
ⓘ
Type: MALWARE
ⓘ
Platforms: Linux
Version: 1.0
Created: 16 July 2020
Last Modified: 10 August 2020
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1554 | 主机软件二进制文件妥协 |
Bonadan has maliciously altered the OpenSSH binary on targeted systems to create a backdoor.[1] |
|
| Enterprise | T1573 | .001 | 加密通道: Symmetric Cryptography | |
| Enterprise | T1059 | 命令与脚本解释器 |
Bonadan can create bind and reverse shells on the infected system.[1] |
|
| Enterprise | T1082 | 系统信息发现 |
Bonadan has discovered the OS version, CPU model, and RAM size of the system it has been installed on.[1] |
|
| Enterprise | T1033 | 系统所有者/用户发现 |
Bonadan has discovered the username of the user running the backdoor.[1] |
|
| Enterprise | T1016 | 系统网络配置发现 |
Bonadan can find the external IP address of the infected host.[1] |
|
| Enterprise | T1496 | .001 | 资源劫持: Compute Hijacking |
Bonadan can download an additional module which has a cryptocurrency mining extension.[1] |
| Enterprise | T1105 | 输入工具传输 |
Bonadan can download additional modules from the C2 server.[1] |
|
| Enterprise | T1057 | 进程发现 |
Bonadan can use the |
|