- Drovorub can transfer files from the victim machine.
- DRATzarus can collect information from a compromised host.
- Dragonfly has collected data from local victim systems.
- DnsSystem can upload files from infected machines after receiving a command with uploaddd in the string.
- DarkWatchman can collect files from a compromised host.
- Dark Caracal collected complete contents of the 'Pictures' folder from compromised Windows systems.
- DanBot can upload files from compromised hosts.
- Cyclops Blink can upload files from a compromised host.
- Cryptoistic can retrieve files from the local file system.
- Crutch can exfiltrate files from compromised systems.
- Crimson can collect information from a compromised host.
- CreepyDrive can upload files to C2 from victim machines.
- During CostaRicto, the threat actors collected data and files from compromised networks.
- CosmicDuke steals user files from local hard drives with file extensions that match a predefined list.
- CookieMiner has retrieved iPhone text messages from iTunes phone backup files.
- Cobalt Strike can collect data from a local system.
- Clambling can collect information from a compromised host.
- Chrommme can collect data from a local system.
- China Chopper's server component can upload local files.
- CharmPower can collect data and files from a compromised host.
- ccf32 can collect files from a compromised host.
- Caterpillar WebShell has a module to collect information from the local database.
- Calisto can collect data from user directories.
- During C0015, the threat actors obtained files and data from the compromised network.
- Bumblebee can capture and compress stolen credentials from the Registry and volume shadow copies.
- BRONZE BUTLER has exfiltrated files stolen from local systems.
- BoxCaon can upload files from a compromised host.
- BLINDINGCAN has uploaded files from victim machines.
- BlackMould can copy files on a compromised host.
- Bisonal has collected information from a compromised host.
- Bazar can retrieve information from the infected machine.
- Bankshot collects files from the local system.
- Bandook can collect local files from the system.
- BadPatch collects files from the local system that have the following extensions, then prepares them for exfiltration.
- When it first starts, BADNEWS crawls the victim's local drives and collects documents with the following extensions.
- BADFLICK has uploaded files from victims' machines.
- Axiom has collected data from a compromised network.
- AuTo Stealer can collect data such as PowerPoint files, Word documents, Excel files, PDF files, text files, database files, and image files from an infected machine.
- APT41 has uploaded files and data from a compromised host.
- APT39 has used various tools to steal files from the compromised host.
- APT38 has collected data from a compromised host.
- APT37 has collected data from victims' local systems.
- APT3 will identify Microsoft Office documents on the victim's computer.
- APT29 has extracted files from compromised networks.
- APT28 has retrieved internal documents from machines inside victim environments, including by using Forfiles to stage documents before exfiltration.
- APT1 has collected files from a local victim.
- AppleSeed can collect data on a compromised host.
- Andariel has collected large numbers of files from compromised network systems for later extraction.
- Amadey can collect information from a compromised host.
- Action RAT can collect local data from an infected machine.