S1102 Pcexter
Pcexter is an uploader that has been used by ToddyCat since at least 2023 to exfiltrate stolen files.[1]
| Item | Value |
|---|---|
| ID | S1102 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 22 January 2024 |
| Last Modified | 22 January 2024 |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1005 | Data from Local System | Pcexter can upload files from targeted systems.[1] |
| enterprise | T1567 | Exfiltration Over Web Service | - |
| enterprise | T1567.002 | Exfiltration to Cloud Storage | Pcexter can upload stolen files to OneDrive storage accounts via HTTP POST.[1] |
| enterprise | T1083 | File and Directory Discovery | Pcexter has the ability to search for files in specified directories.[1] |
| enterprise | T1574 | Hijack Execution Flow | - |
| enterprise | T1574.001 | DLL | Pcexter has been distributed and executed as a DLL file named Vspmsg.dll via DLL side-loading.[1] |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G1022 | ToddyCat | [1] |