S0219 WINERACK
WINERACK is a backdoor used by APT37.[1]
| Item | Value |
|---|---|
| ID | S0219 |
| Type | MALWARE |
| Version | 1.0 |
| Created | 18 April 2018 |
| Last Modified | 17 October 2018 |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1010 | Application Window Discovery | WINERACK can enumerate active windows.[1] |
| enterprise | T1059 | Command and Scripting Interpreter | WINERACK can create a reverse shell that utilizes statically-linked Wine cmd.exe code to emulate Windows command prompt commands.[1] |
| enterprise | T1083 | File and Directory Discovery | WINERACK can enumerate files and directories.[1] |
| enterprise | T1057 | Process Discovery | WINERACK can enumerate processes.[1] |
| enterprise | T1082 | System Information Discovery | WINERACK can gather information about the host.[1] |
| enterprise | T1033 | System Owner/User Discovery | WINERACK can gather information on the victim username.[1] |
| enterprise | T1007 | System Service Discovery | WINERACK can enumerate services.[1] |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0067 | APT37 | [1] |