S0190 BITSAdmin
BITSAdmin is a command line tool used to create and manage BITS Jobs. 1
| Item | Value |
|---|---|
| ID | S0190 |
| Associated Names | |
| Type | TOOL |
| Version | 1.3 |
| Created | 18 April 2018 |
| Last Modified | 13 October 2022 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1197 | BITS Jobs | BITSAdmin can be used to create BITS Jobs to launch a malicious process.2 |
| enterprise | T1048 | Exfiltration Over Alternative Protocol | - |
| enterprise | T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | BITSAdmin can be used to create BITS Jobs to upload files from a compromised host.1 |
| enterprise | T1105 | Ingress Tool Transfer | BITSAdmin can be used to create BITS Jobs to upload and/or download files.1 |
| enterprise | T1570 | Lateral Tool Transfer | BITSAdmin can be used to create BITS Jobs to upload and/or download files from SMB file servers.3 |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0065 | Leviathan | 4 |
| G0081 | Tropic Trooper | 2 |
| G1001 | HEXANE | 5 |
| G0137 | Ferocious Kitten | 6 |
| G0096 | APT41 | 7 |
References
-
Microsoft. (n.d.). BITSAdmin Tool. Retrieved January 12, 2018. ↩↩↩
-
Horejsi, J., et al. (2018, March 14). Tropic Trooper’s New Strategy. Retrieved November 9, 2018. ↩↩
-
Microsoft. (2019, July 12). About BITS. Retrieved March 16, 2020. ↩
-
FireEye. (2018, March 16). Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries. Retrieved April 11, 2018. ↩
-
Kayal, A. et al. (2021, October). LYCEUM REBORN: COUNTERINTELLIGENCE IN THE MIDDLE EAST. Retrieved June 14, 2022. ↩
-
GReAT. (2021, June 16). Ferocious Kitten: 6 Years of Covert Surveillance in Iran. Retrieved September 22, 2021. ↩
-
Glyer, C, et al. (2020, March). This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. Retrieved April 28, 2020. ↩