FunnyDream, Campaign C0007 | MITRE ATT&CK®
Enterprise
Acquire Infrastructure: Domains
For FunnyDream, the threat actors registered a variety of domains.[1]
Enterprise
Archive Collected Data: Archive via Utility
During FunnyDream, the threat actors used 7zr.exe to add collected files to an archive.[1]
Enterprise
Command and Scripting Interpreter: Windows Command Shell
During FunnyDream, the threat actors used cmd.exe to execute the wmiexec.vbs script.[1]
Command and Scripting Interpreter: Visual Basic
During FunnyDream, the threat actors used a Visual Basic script to run remote commands.[1]
Enterprise
Establish Accounts: Email Accounts
For FunnyDream, the threat actors likely established an identified email account to register a variety of domains that were used during the campaign.[1]
Enterprise
Ingress Tool Transfer
During FunnyDream, the threat actors downloaded additional droppers and backdoors onto a compromised system.[1]
Enterprise
Obtain Capabilities: Malware
For FunnyDream, the threat actors used a new backdoor named FunnyDream.[1]
Obtain Capabilities: Tool
For FunnyDream, the threat actors used a modified version of the open source PcShare remote administration tool.[1]
Enterprise
Process Discovery
During FunnyDream, the threat actors used Tasklist on targeted systems.[1]
Enterprise
Remote System Discovery
During FunnyDream, the threat actors used several tools and batch files to map victims' internal networks.[1]
Enterprise
System Information Discovery
During FunnyDream, the threat actors used Systeminfo to collect information on targeted hosts.[1]
Enterprise
System Network Configuration Discovery
During FunnyDream, the threat actors used ipconfig for discovery on remote systems.[1]
Enterprise
System Network Connections Discovery
During FunnyDream, the threat actors used netstat to discover network connections on remote systems.[1]
Enterprise
Windows Management Instrumentation
During FunnyDream, the threat actors used wmiexec.vbs to run remote commands.[1]
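Every behavior catalogued above leaves a process-creation record: cscript.exe running wmiexec.vbs from cmd.exe on the operator's side, a cmd.exe whose parent is WmiPrvSE.exe on the remote side of the resulting WMI Win32_Process call, 7zr.exe staging collected files, and the ipconfig/netstat/tasklist/systeminfo discovery cluster. The following hunt is an added example and is not code from the ATT&CK page or from the underlying report; it runs over constructed Sysmon Event ID 1-style records. Hostnames, paths, timestamps and the wmiexec.vbs argument strings are hypothetical, and the five-minute window and three-tool threshold are assumptions to tune per environment.

```python
"""Hunt for FunnyDream-style tradecraft in Windows process-creation telemetry.

Added example, not part of the ATT&CK page. Events are constructed and reduced
to the fields the logic needs (timestamp, host, parent image, image, command line).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical hosts, paths and arguments).
SAMPLE_EVENTS = [
    # Operator workstation: cmd.exe -> cscript.exe wmiexec.vbs, dispatching discovery to SRV05
    {"ts": "2020-11-10T09:00:01", "host": "WS01", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\cscript.exe",
     "cmdline": r'cscript.exe C:\Users\Public\wmiexec.vbs /cmd 10.0.0.5 "ipconfig /all"'},
    {"ts": "2020-11-10T09:00:05", "host": "WS01", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\cscript.exe",
     "cmdline": r'cscript.exe C:\Users\Public\wmiexec.vbs /cmd 10.0.0.5 "netstat -ano"'},
    # Remote target: Win32_Process.Create spawns the shell under WmiPrvSE.exe
    {"ts": "2020-11-10T09:01:10", "host": "SRV05", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": r"cmd.exe /c ipconfig /all"},
    {"ts": "2020-11-10T09:01:12", "host": "SRV05", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": r"cmd.exe /c netstat -ano"},
    {"ts": "2020-11-10T09:01:20", "host": "SRV05", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": r"cmd.exe /c tasklist /v"},
    {"ts": "2020-11-10T09:01:25", "host": "SRV05", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": r"cmd.exe /c systeminfo"},
    # Collection staging with the standalone 7-Zip console binary
    {"ts": "2020-11-10T09:30:00", "host": "WS01", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Users\Public\7zr.exe",
     "cmdline": r"7zr.exe a C:\Users\Public\docs.7z C:\Users\alice\Documents\*.docx"},
    # Benign: a lone ipconfig from an interactive shell on another host
    {"ts": "2020-11-10T10:00:00", "host": "WS02", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": r"cmd.exe /c ipconfig"},
]

DISCOVERY_CMDS = ("ipconfig", "netstat", "tasklist", "systeminfo")


def _basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_wmiexec_script(events):
    """Windows Command Shell + Visual Basic: a script host launching wmiexec.vbs."""
    return [e for e in events
            if _basename(e["image"]) in ("cscript.exe", "wscript.exe")
            and "wmiexec.vbs" in e["cmdline"].lower()]


def detect_wmi_spawned_shell(events):
    """Remote side of WMI execution: cmd.exe parented by WmiPrvSE.exe."""
    return [e for e in events
            if _basename(e["parent"]) == "wmiprvse.exe" and _basename(e["image"]) == "cmd.exe"]


def detect_7zr_archiving(events):
    """Archive via Utility: 7zr.exe invoked with the 'a' (add) command."""
    hits = []
    for e in events:
        args = e["cmdline"].split()
        if _basename(e["image"]) == "7zr.exe" and len(args) > 1 and args[1].lower() == "a":
            hits.append(e)
    return hits


def detect_discovery_cluster(events, window=timedelta(minutes=5), min_distinct=3):
    """Flag a host running >= min_distinct different discovery tools inside one window.

    A single ipconfig is normal admin noise; the cluster is the signal.
    Returns {host: sorted list of tools seen}.
    """
    per_host = defaultdict(list)
    for e in events:
        cmd = e["cmdline"].lower()
        tool = next((t for t in DISCOVERY_CMDS if re.search(r"\b%s\b" % t, cmd)), None)
        if tool:
            per_host[e["host"]].append((datetime.fromisoformat(e["ts"]), tool))
    alerts = {}
    for host, seq in per_host.items():
        seq.sort()
        for i, (t0, _) in enumerate(seq):  # slide the window start over each event
            tools = {tool for (t, tool) in seq[i:] if t - t0 <= window}
            if len(tools) >= min_distinct:
                alerts[host] = sorted(tools)
                break
    return alerts


def hunt(events):
    """Run every detector and return a summary keyed by technique."""
    return {
        "wmiexec_script": [e["host"] for e in detect_wmiexec_script(events)],
        "wmi_spawned_shell": [e["host"] for e in detect_wmi_spawned_shell(events)],
        "7zr_archiving": [e["host"] for e in detect_7zr_archiving(events)],
        "discovery_cluster": detect_discovery_cluster(events),
    }


if __name__ == "__main__":
    for name, result in hunt(SAMPLE_EVENTS).items():
        print(f"{name}: {result}")
```

The WmiPrvSE.exe parent check is the durable part: it fires regardless of which client (wmiexec.vbs, wmic, Impacket) issued the Win32_Process call. The command-name regex runs over the whole command line, so the operator-side events on WS01 also count the discovery commands they dispatch, which is why WS01 shows two tools but stays below the three-tool threshold.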