| ID | X0046 |
| Aliases | None |
| Platforms | Windows |
| Year | 2014 |
| Associated ATT&CK Software | None |
BadUSB is an attack that exploits an inherent vulnerability in USB firmware. Such an attack reprograms a USB device, causing it to act as a human interface device; once re-engineered, the USB device is used to discreetly execute commands or run malicious programs on the victim's computer. [1]
| Name | Use |
|---|---|
| Command and Control::Communication Through Removable Media (T1092) | A USB interface is able to connect to many different devices, including cameras, keyboards, modems, webcams, wireless networking devices, and others. BadUSB leverages these devices. [1] |
| Initial Access :: Replication Through Removable Media (T1091) | BadUSB can be used as a means of gaining initial access to a target machine by exploiting vulnerabilities in the USB firmware or by tricking the user into plugging in an infected USB device. [1] |
| Collection::Data from Local System (T1005) | BadUSB can steal sensitive data from an infected machine (e.g., login credentials) and transmit it to a remote C2 server. [3] |
| Name | Use |
|---|---|
| Impact::Modify Hardware (B0042) | BadUSB can modify USB drives. [4] |
MD5 Hashes
- 0022c1fe1d6b036de2a08d50ac5446a5
- 0155738045b331f44d300f4a7d08cf21
- 0275585c3b871405dd299d458724db3d
[1] https://www.manageengine.com/data-security/security-threats/bad-usb.html
[2] https://arstechnica.com/information-technology/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/
[3] https://radetskiy.files.wordpress.com/2014/08/srlabs-badusb-blackhat-v1.pdf
[4] https://www.bleepingcomputer.com/news/security/fbi-hackers-use-badusb-to-target-defense-firms-with-ransomware/
[5] https://www.darkreading.com/endpoint/when-good-usb-devices-go-bad
[6] https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064518/Carbanak_APT_eng.pdf