Skip to content

S0204 Briba

Briba is a trojan used by Elderwood to open a backdoor and download files on to compromised hosts. 1 2

Item Value
ID S0204
Associated Names
Version 1.0
Created 18 April 2018
Last Modified 09 February 2021
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1547 Boot or Logon Autostart Execution -
enterprise T1547.001 Registry Run Keys / Startup Folder Briba creates run key Registry entries pointing to malicious DLLs dropped to disk.2
enterprise T1543 Create or Modify System Process -
enterprise T1543.003 Windows Service Briba installs a service pointing to a malicious DLL dropped to disk.2
enterprise T1105 Ingress Tool Transfer Briba downloads files onto infected hosts.2
enterprise T1218 System Binary Proxy Execution -
enterprise T1218.011 Rundll32 Briba uses rundll32 within Registry Run Keys / Startup Folder entries to execute malicious DLLs.2

Groups That Use This Software

ID Name References
G0066 Elderwood 1


Back to top