This is a custom instance of the MITRE ATT&CK Website. The official website can be found at attack.mitre.org.
SOFTWARE
SOFTWARE
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
RDFSNIFFER
RDFSNIFFER is a module loaded by BOOSTWRITE which allows an attacker to monitor and tamper with legitimate connections made via an application designed to provide visibility and system management capabilities to remote IT techs.[1]
ID: S0416
ⓘ
Type: MALWARE
ⓘ
Platforms: Windows
Version: 1.0
Created: 11 October 2019
Last Modified: 16 October 2019
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1070 | .004 | Indicator Removal on Host: File Deletion |
RDFSNIFFER has the capability of deleting local files.[1] |
| Enterprise | T1056 | .004 | Input Capture: Credential API Hooking |
RDFSNIFFER hooks several Win32 API functions to hijack elements of the remote system management user-interface.[1] |
| Enterprise | T1106 | Native API |
RDFSNIFFER has used several Win32 API functions to interact with the victim machine.[1] |
|
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0046 | FIN7 |
References
×