- Avaddon has searched for specific files prior to encryption.
- AutoIt backdoor is capable of identifying documents on the victim with the following extensions.
- AuditCred can search through folders and files on the system.
- Attor has a plugin that enumerates files with specific extensions on all hard disk drives and stores file information in encrypted log files.
- Aria-body has the ability to gather metadata from a file and to search for file and directory names.
- APT41 has executed file `/bin/pwd` on exploited victims, perhaps to return architecture related information.
- APT39 has used tools with the ability to search for files on a compromised host.
- APT38 has enumerated files and directories, or searched in specific locations within a compromised host.
- APT32's backdoor possesses the capability to list files and directories on a machine.
- APT3 has a tool that looks for files and directories on the local file system.
- APT29 obtained information about the configured Exchange virtual directory using `Get-WebServicesVirtualDirectory`.
- The group also searched a compromised DCCC computer for specific terms.
- APT28 has used Forfiles to locate PDF, Excel, and Word documents during collection.
- APT18 can list file information for specific directories.
- Aoqin Dragon has run scripts to identify file formats including Microsoft Word.
- Amadey has searched for folders associated with antivirus software.
- actors used the following commands after exploiting a machine with LOWBALL malware to obtain information about files and directories: `dir c:\ > %temp%\download`, `dir "c:\Documents and Settings" > %temp%\download`, `dir "c:\Program Files\" > %temp%\download`, `dir d:\ > %temp%\download`
- ADVSTORESHELL can list files and directories.
- Action RAT has the ability to collect drive and file information on an infected machine.
- 4H RAT has the capability to obtain file and directory listings.
- 3PARA RAT has a command to retrieve metadata for files on disk as well as a command to list the current working directory.