S0469 ABK

ABK is a downloader that has been used by BRONZE BUTLER since at least 2019. [1]

ID: S0469
Associated Names:
Type: MALWARE
Version: 1.0
Created: 10 June 2020
Last Modified: 24 June 2020

Techniques Used

| Domain     | ID        | Name                                    | Use                                                                                              |
|------------|-----------|-----------------------------------------|--------------------------------------------------------------------------------------------------|
| enterprise | T1071     | Application Layer Protocol              | -                                                                                                |
| enterprise | T1071.001 | Web Protocols                           | ABK has the ability to use HTTP in communications with C2. [1]                                   |
| enterprise | T1059     | Command and Scripting Interpreter       | -                                                                                                |
| enterprise | T1059.003 | Windows Command Shell                   | ABK has the ability to use cmd to run a Portable Executable (PE) on the compromised host. [1]    |
| enterprise | T1140     | Deobfuscate/Decode Files or Information | ABK has the ability to decrypt AES-encrypted payloads. [1]                                       |
| enterprise | T1105     | Ingress Tool Transfer                   | ABK has the ability to download files from C2. [1]                                               |
| enterprise | T1027     | Obfuscated Files or Information         | -                                                                                                |
| enterprise | T1027.003 | Steganography                           | ABK can extract a malicious Portable Executable (PE) from a photo. [1]                           |
| enterprise | T1055     | Process Injection                       | ABK has the ability to inject shellcode into svchost.exe. [1]                                    |
| enterprise | T1518     | Software Discovery                      | -                                                                                                |
| enterprise | T1518.001 | Security Software Discovery             | ABK has the ability to identify the installed anti-virus product on the compromised host. [1]    |
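The T1027.003 entry above says ABK pulls a PE out of an image file, but the page does not describe how the executable is embedded. A triage check an analyst can run over suspicious image files is to look for a PE image hidden inside them: an "MZ" DOS header whose e_lfanew field points at a valid "PE\0\0" signature, which is the structure any extracted PE must have regardless of how the carrier hides it. The scanner below is an added example written for this page, not code from ABK, from the cited report, or from MITRE; it assumes the simplest carrier layout (a PE appended after the image data) for its constructed sample, and the function names and the sample bytes are the author's own.

```python
import struct
from typing import List

# Magic bytes of the image formats this example recognises as carriers.
JPEG_SOI = b"\xff\xd8\xff"
PNG_SIG = b"\x89PNG\r\n\x1a\n"

DOS_HEADER_LEN = 0x40          # size of IMAGE_DOS_HEADER
E_LFANEW_OFFSET = 0x3C         # offset of e_lfanew inside the DOS header
MAX_E_LFANEW = 0x1000          # sanity bound: real PE headers sit close to the DOS header


def is_image(data: bytes) -> bool:
    """True if the buffer starts like a JPEG or PNG file."""
    return data.startswith(JPEG_SOI) or data.startswith(PNG_SIG)


def find_embedded_pe(data: bytes) -> List[int]:
    """Return every offset in `data` where a plausible PE image begins.

    A hit requires an 'MZ' magic followed by an e_lfanew value that lands on a
    'PE\\0\\0' signature inside the buffer. Scanning for 'MZ' alone would fire on
    random image data, so the e_lfanew check is what keeps false positives down.
    """
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + DOS_HEADER_LEN <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + E_LFANEW_OFFSET)[0]
            pe_off = pos + e_lfanew
            if (DOS_HEADER_LEN <= e_lfanew < MAX_E_LFANEW
                    and pe_off + 4 <= len(data)
                    and data[pe_off:pe_off + 4] == b"PE\x00\x00"):
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def carve_pe(data: bytes, offset: int) -> bytes:
    """Return the bytes from the PE start to the end of the carrier.

    The true image size is in the optional header; taking everything to EOF is
    enough for hashing and for handing the blob to a sandbox or disassembler.
    """
    return data[offset:]


def build_sample() -> bytes:
    """Constructed test input: a stub JPEG with a minimal PE appended after EOI.

    This is NOT an ABK sample; it exists only so the scanner runs offline.
    """
    jpeg = JPEG_SOI + b"\xe0" + b"\x00" * 60 + b"\xff\xd9"   # SOI, APP0 marker, padding, EOI
    dos = bytearray(b"MZ" + b"\x00" * (DOS_HEADER_LEN - 2))
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, DOS_HEADER_LEN)  # e_lfanew -> right after DOS header
    nt = b"PE\x00\x00" + b"\x4c\x01" + b"\x00" * 18              # signature, Machine=i386, rest zeroed
    return jpeg + bytes(dos) + nt


def scan_image(data: bytes) -> dict:
    """Summarise a carrier: whether it looks like an image and where PEs hide in it."""
    offsets = find_embedded_pe(data)
    return {
        "looks_like_image": is_image(data),
        "pe_offsets": offsets,
        "carved_sizes": [len(carve_pe(data, o)) for o in offsets],
    }


if __name__ == "__main__":
    print(scan_image(build_sample()))
```

On a real investigation, run `scan_image` over the image files a suspected ABK dropper touched; a JPEG or PNG that reports a PE offset is worth carving and hashing even before the carrier's exact hiding scheme is understood. A bare "MZ" string inside a photo is not a hit by itself; only the e_lfanew-to-"PE\0\0" link counts.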

Groups That Use This Software

| ID    | Name          | References |
|-------|---------------|------------|
| G0060 | BRONZE BUTLER | [1]        |

References