xCaon
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1005 | 从本地系统获取数据 | ||
| Enterprise | T1573 | .001 | 加密通道: Symmetric Cryptography |
xCaon has encrypted data sent to the C2 server using a XOR key.[1] |
| Enterprise | T1140 | 反混淆/解码文件或信息 |
xCaon has decoded strings from the C2 server before executing commands.[1] |
|
| Enterprise | T1547 | 启动或登录自动启动执行 |
xCaon has added persistence via the Registry key |
|
| Enterprise | T1059 | .003 | 命令与脚本解释器: Windows Command Shell | |
| Enterprise | T1071 | .001 | 应用层协议: Web Protocols |
xCaon has communicated with the C2 server by sending POST requests over HTTP.[1] |
| Enterprise | T1132 | .001 | 数据编码: Standard Encoding | |
| Enterprise | T1106 | 本机API |
xCaon has leveraged native OS function calls to retrieve victim's network adapter's information using GetAdapterInfo() API.[1] |
|
| Enterprise | T1016 | 系统网络配置发现 |
xCaon has used the GetAdaptersInfo() API call to get the victim's MAC address.[1] |
|
| Enterprise | T1518 | .001 | 软件发现: Security Software Discovery |
xCaon has checked for the existence of Kaspersky antivirus software on the system.[1] |
| Enterprise | T1105 | 输入工具传输 |
xCaon has a command to download files to the victim's machine.[1] |
|
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0136 | IndigoZebra |