S0040 HTRAN
HTRAN is a tool that proxies connections through intermediate hops and aids users in disguising their true geographical location. It can be used by adversaries to hide their location when interacting with the victim networks. [1][2]
Item | Value |
---|---|
ID | S0040 |
Associated Names | HUC Packet Transmit Tool |
Type | TOOL |
Version | 1.2 |
Created | 31 May 2017 |
Last Modified | 23 April 2021 |
Associated Software Descriptions
Name | Description |
---|---|
HUC Packet Transmit Tool | [1] |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
enterprise | T1055 | Process Injection | HTRAN can inject into running processes. [2] |
enterprise | T1090 | Proxy | HTRAN can proxy TCP socket connections to obfuscate command and control infrastructure. [1][2] |
enterprise | T1014 | Rootkit | HTRAN can install a rootkit to hide network connections from the host OS. [2] |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0005 | APT12 | [3] |
G0093 | GALLIUM | [4][5] |
References
1. Haq, T., Moran, N., Vashisht, S., Scott, M. (2014, September). OPERATION QUANTUM ENTANGLEMENT. Retrieved November 4, 2015.
2. The Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), CERT New Zealand, the UK National Cyber Security Centre (UK NCSC) and the US National Cybersecurity and Communications Integration Center (NCCIC). (2018, October 11). Joint report on publicly available hacking tools. Retrieved March 11, 2019.
3. Sancho, D., et al. (2012, May 22). IXESHE An APT Campaign. Retrieved June 7, 2019.
4. Cybereason Nocturnus. (2019, June 25). Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers. Retrieved July 18, 2019.
5. MSTIC. (2019, December 12). GALLIUM: Targeting global telecom. Retrieved January 13, 2021.