S0460 Get2
Get2 is a downloader written in C++ that has been used by TA505 to deliver FlawedGrace, FlawedAmmyy, Snatch and SDBbot.[1]
| Item | Value |
|---|---|
| ID | S0460 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 29 May 2020 |
| Last Modified | 16 June 2020 |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1071 | Application Layer Protocol | - |
| enterprise | T1071.001 | Web Protocols | Get2 has the ability to use HTTP to send information collected from an infected host to C2.[1] |
| enterprise | T1059 | Command and Scripting Interpreter | Get2 has the ability to run executables with command-line arguments.[1] |
| enterprise | T1057 | Process Discovery | Get2 has the ability to identify running processes on an infected host.[1] |
| enterprise | T1055 | Process Injection | - |
| enterprise | T1055.001 | Dynamic-link Library Injection | Get2 has the ability to inject DLLs into processes.[1] |
| enterprise | T1082 | System Information Discovery | Get2 has the ability to identify the computer name and Windows version of an infected host.[1] |
| enterprise | T1033 | System Owner/User Discovery | Get2 has the ability to identify the current username of an infected host.[1] |
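The table above says Get2 collects the computer name, Windows version and current username (T1082, T1033) and sends what it collected to C2 over HTTP (T1071.001). One way to hunt for that pattern at an egress inspection point, regardless of the specific downloader, is to check whether an outbound POST body carries the sending host's own name, one of its logged-on users and a Windows version string together. The following is an added example, not code from the ATT&CK page or from TA505 tooling; the asset inventory, the three POST records and the `id=...&user=...&os=...` body layout are constructed for illustration, since the page does not document Get2's actual request format.

```python
"""Flag outbound HTTP POSTs whose body carries the sending host's own
computer name, a logged-on username and a Windows version string.

Constructed example for illustration; the record format, inventory and
field names are assumptions, not Get2's real beacon format.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Matches common Windows product names or NT build triples such as 10.0.19045.
WINVER_RE = re.compile(
    r"\b(?:Windows\s+(?:10|11|7|8\.1|Server\s+20\d{2})|(?:6|10)\.\d+\.\d{4,5})\b",
    re.IGNORECASE,
)


@dataclass
class HttpPost:
    """Decoded outbound POST as an inspection point (proxy, Zeek, WAF) might log it."""
    src_ip: str
    host: str   # destination Host header
    path: str
    body: str   # decoded request body


@dataclass
class Asset:
    """What the asset inventory knows about the source host."""
    hostname: str
    users: List[str]


def _contains_token(body: str, token: str) -> bool:
    # Word boundaries keep short usernames from matching inside unrelated words.
    return re.search(rf"\b{re.escape(token)}\b", body, re.IGNORECASE) is not None


def profile_fields_present(post: HttpPost, asset: Asset) -> List[str]:
    """Return which host-profile fields of the *sending* host appear in the body."""
    hits = []
    if _contains_token(post.body, asset.hostname):
        hits.append("hostname")
    if any(_contains_token(post.body, u) for u in asset.users):
        hits.append("username")
    if WINVER_RE.search(post.body):
        hits.append("winver")
    return hits


def flag_posts(posts: List[HttpPost], inventory: Dict[str, Asset],
               min_hits: int = 3) -> List[Tuple[str, str, str, List[str]]]:
    """Flag POSTs where at least `min_hits` profile fields of the source host
    appear together; requiring all three keeps ordinary login forms quiet."""
    findings = []
    for p in posts:
        asset = inventory.get(p.src_ip)
        if asset is None:
            continue  # unknown source, nothing to correlate against
        hits = profile_fields_present(p, asset)
        if len(hits) >= min_hits:
            findings.append((p.src_ip, p.host, p.path, hits))
    return findings


# Constructed inventory and traffic (assumptions for the example).
INVENTORY = {
    "10.0.5.23": Asset("WS-FIN-07", ["jdoe"]),
    "10.0.5.40": Asset("WS-HR-02", ["asmith"]),
}
SAMPLE_POSTS = [
    # Host profile sent to a bare IP; field names are made up for the example.
    HttpPost("10.0.5.23", "203.0.113.15", "/", "id=WS-FIN-07&user=jdoe&os=Windows 10 Pro 10.0.19045"),
    # Ordinary intranet login: username alone must not fire.
    HttpPost("10.0.5.40", "intranet.example.internal", "/login", "username=asmith&password=REDACTED"),
    # Software update check: a build number alone must not fire.
    HttpPost("10.0.5.23", "updates.example.com", "/check", "ver=10.0.19045&product=ExampleApp"),
]

if __name__ == "__main__":
    for src, dst, path, hits in flag_posts(SAMPLE_POSTS, INVENTORY):
        print(f"{src} -> {dst}{path}: host profile fields in body: {', '.join(hits)}")
```

Correlating against the inventory, rather than hard-coding field names, is what makes the check survive a change of beacon layout; the trade-off is that it only sees bodies the inspection point can decode, so TLS-terminating proxies or endpoint telemetry are needed for encrypted C2.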
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0092 | TA505 | [1] |