Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1548 | .002 | Abuse Elevation Control Mechanism: Bypass User Account Control | |
Enterprise | T1547 | .001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder |
PLAINTEE gains persistence by adding the Registry key |
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
PLAINTEE uses cmd.exe to execute commands on the victim’s machine.[1] |
Enterprise | T1573 | .001 | Encrypted Channel: Symmetric Cryptography | |
Enterprise | T1105 | Ingress Tool Transfer | ||
Enterprise | T1112 | Modify Registry |
PLAINTEE uses |
|
Enterprise | T1057 | Process Discovery |
PLAINTEE performs the |
|
Enterprise | T1082 | System Information Discovery |
PLAINTEE collects general system enumeration data about the infected machine and checks the OS version.[1] |
|
Enterprise | T1016 | System Network Configuration Discovery |
PLAINTEE uses the |
ID | Name | References |
---|---|---|
G0075 | Rancor |