ID | X0035 |
Aliases | Xagent |
Platforms | Windows |
Year | 2015 |
Associated ATT&CK Software | CHOPSTICK |
Malware family of modular backdoors.
See ATT&CK: CHOPSTICK - Techniques Used.
Name | Use |
---|---|
Defense Evasion::Modify Registry (E1112) | CHOPSTICK may encrypt and store configuration data inside a registry key. [1] |
Discovery::System Information Discovery (E1082) | CHOPSTICK collects information from the host including Windows version, CPU architecture, and UAC settings. [1] |
Defense Evasion::Hidden Files and Directories (F0005) | CHOPSTICK creates a hidden file for temporary storage. [1] |
Collection::Keylogging (F0002) | CHOPSTICK collects user keystrokes. [1] |
Collection::Screen Capture (E1113) | CHOPSTICK takes snapshots of desktop and window contents. [1] |
Command and Control::C2 Communication::Send Data (B0030.001) | CHOPSTICK sends data to the C2 server using HTTP POST requests. [1] |
Name | Use |
---|---|
Cryptography::Encrypt Data::RC4 (C0027.009) | CHOPSTICK encrypts the configuration block using RC4 encryption. [1] |
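The RC4 configuration encryption listed above, as an added worked example that is not code from the FireEye report or from CHOPSTICK itself: a plain Python RC4 (the standard KSA and PRGA) plus the key-trial check an analyst uses when decrypting a recovered configuration block, for instance one carved from a registry value as described in the Modify Registry row. The key, the candidate key list and the configuration text are constructed for this example; the real key, key length and configuration layout are not given on this page, so the "looks like a config" heuristic is an assumption, not a CHOPSTICK-specific signature.

```python
# Added example for this page: RC4 decryption of a configuration blob and a
# candidate-key trial loop. Keys and config text below are constructed test data,
# not artifacts from any CHOPSTICK sample.

from typing import Iterator, Optional, Sequence, Tuple


def rc4_keystream(key: bytes) -> Iterator[int]:
    """Yield the RC4 keystream for `key` (standard KSA followed by PRGA)."""
    if not key:
        raise ValueError("RC4 key must be non-empty")
    # Key-scheduling algorithm (KSA): permute S according to the key bytes.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA): emit one keystream byte per call.
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """RC4 is a stream cipher, so the same function encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def looks_like_config(plaintext: bytes, threshold: float = 0.95) -> bool:
    """Heuristic (an assumption for this example): a correctly decrypted text
    config is almost entirely printable ASCII plus tab/CR/LF. A wrong RC4 key
    yields pseudo-random bytes, which fail this check with overwhelming odds."""
    if not plaintext:
        return False
    printable = sum(1 for b in plaintext if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(plaintext) >= threshold


def try_candidate_keys(blob: bytes, candidates: Sequence[bytes]) -> Optional[Tuple[bytes, bytes]]:
    """Decrypt `blob` with each candidate key (e.g. strings carved from the
    binary) and return (key, plaintext) for the first plausible result."""
    if not blob:
        return None
    for key in candidates:
        if not key:
            continue  # RC4 cannot use an empty key; skip it rather than crash
        plaintext = rc4_crypt(key, blob)
        if looks_like_config(plaintext):
            return key, plaintext
    return None


# Constructed sample: a made-up config encrypted with a made-up key. example.com
# is the reserved documentation domain, not a real C2 address.
SAMPLE_KEY = b"constructed-example-key"
SAMPLE_CONFIG = b"server=http://example.com/;interval=300;mode=post"
ENCRYPTED_BLOB = rc4_crypt(SAMPLE_KEY, SAMPLE_CONFIG)

# Constructed candidate list: two wrong keys, then the right one.
CANDIDATE_KEYS = [b"wrong-key-1", b"another-guess", SAMPLE_KEY]


if __name__ == "__main__":
    hit = try_candidate_keys(ENCRYPTED_BLOB, CANDIDATE_KEYS)
    if hit is None:
        print("no candidate key produced a plausible configuration")
    else:
        key, plaintext = hit
        print(f"key {key!r} -> {plaintext.decode('ascii')}")
```

The known-answer vector `rc4_crypt(b"Key", b"Plaintext") == bytes.fromhex("BBF316E8D940AF0AD3")` is a quick way to confirm the cipher before trusting any decryption; the printable-ratio check is deliberately loose so that a config using a different encoding than ASCII text would need a different plausibility test.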
SHA256 Hashes
- 8ec464c36951aa028554be9ed7c7d9aa0bfcc9fa65a7874759afa853a18ecea7
[1] https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf