Skip to content

S0095 ftp

ftp is a utility commonly available with operating systems to transfer information over the File Transfer Protocol (FTP). Adversaries can use it to transfer other tools onto a system or to exfiltrate data.12

Item Value
ID S0095
Associated Names
Type TOOL
Version 2.0
Created 31 May 2017
Last Modified 07 March 2022
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1048 Exfiltration Over Alternative Protocol -
enterprise T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol ftp may be used to exfiltrate data separate from the main command and control protocol.12
enterprise T1105 Ingress Tool Transfer ftp may be abused by adversaries to transfer tools or files from an external system into a compromised environment.12
enterprise T1570 Lateral Tool Transfer ftp may be abused by adversaries to transfer tools or files between systems within a compromised environment.12

Groups That Use This Software

ID Name References
G0064 APT33 3
G0049 OilRig 4
G0019 Naikon 5
G0087 APT39 6
G0096 APT41 7

References

  1. Microsoft. (2021, July 21). ftp. Retrieved February 25, 2022. 

  2. N/A. (n.d.). ftp(1) - Linux man page. Retrieved February 25, 2022. 

  3. Security Response attack Investigation Team. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.. Retrieved April 10, 2019. 

  4. Grunzweig, J. and Falcone, R.. (2016, October 4). OilRig Malware Campaign Updates Toolset and Expands Targets. Retrieved May 3, 2017. 

  5. Baumgartner, K., Golovkin, M.. (2015, May). The MsnMM Campaigns: The Earliest Naikon APT Campaigns. Retrieved April 10, 2019. 

  6. FBI. (2020, September 17). Indicators of Compromise Associated with Rana Intelligence Computing, also known as Advanced Persistent Threat 39, Chafer, Cadelspy, Remexi, and ITG07. Retrieved December 10, 2020. 

  7. Glyer, C, et al. (2020, March). This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. Retrieved April 28, 2020.