Skip to content

S0219 WINERACK

WINERACK is a backdoor used by APT37. 1

Item Value
ID S0219
Type MALWARE
Version 1.0
Created 18 April 2018
Last Modified 17 October 2018
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1010 Application Window Discovery WINERACK can enumerate active windows.1
enterprise T1059 Command and Scripting Interpreter WINERACK can create a reverse shell that utilizes statically-linked Wine cmd.exe code to emulate Windows command prompt commands.1
enterprise T1083 File and Directory Discovery WINERACK can enumerate files and directories.1
enterprise T1057 Process Discovery WINERACK can enumerate processes.1
enterprise T1082 System Information Discovery WINERACK can gather information about the host.1
enterprise T1033 System Owner/User Discovery WINERACK can gather information on the victim username.1
enterprise T1007 System Service Discovery WINERACK can enumerate services.1

Groups That Use This Software

ID Name References
G0067 APT37 1

References

Back to top