AutoIt backdoor

Malware & Tools · AutoIt backdoor

· MalwareS0129 · Zararlı Yazılım

Type

malware

Techniques

Used By

2 groups

Platforms

Windows

Description

AutoIt backdoor is malware that has been used by the actors responsible for the MONSOON campaign. The actors frequently used it in weaponized .pps files exploiting CVE-2014-6352. (Citation: Forcepoint Monsoon) This malware makes use of the legitimate scripting language for Windows GUI automation with the same name.

Tactic Coverage

execution (1)discovery (1)command and control (1)privilege escalation (1)

Used By (2 groups)

G0064APT33HOLMIUM, Elfin G0040PatchworkHangover Group, Dropping Elephant

Techniques (4)

T1059.001PowerShell

execution

T1083File and Directory Discovery

discovery

T1132.001Standard Encoding

command and control

T1548.002Bypass User Account Control

privilege escalation

References

https://attack.mitre.org/software/S0129 https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf