Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols | |
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
Hikit has the ability to create a remote shell and run given commands.[3] |
Enterprise | T1005 | Data from Local System | ||
Enterprise | T1573 | .001 | Encrypted Channel: Symmetric Cryptography | |
Enterprise | T1574 | .001 | Hijack Execution Flow: DLL Search Order Hijacking |
Hikit has used DLL Search Order Hijacking to load |
Enterprise | T1105 | Ingress Tool Transfer |
Hikit has the ability to download files to a compromised host.[1] |
|
Enterprise | T1566 | Phishing | ||
Enterprise | T1090 | .001 | Proxy: Internal Proxy | |
Enterprise | T1014 | Rootkit | ||
Enterprise | T1553 | .004 | Subvert Trust Controls: Install Root Certificate |
Hikit uses |
.006 | Subvert Trust Controls: Code Signing Policy Modification |
Hikit has attempted to disable driver signing verification by tampering with several Registry keys prior to the loading of a rootkit driver component.[3] |
ID | Name | References |
---|---|---|
G0001 | Axiom |