This is a custom instance of the MITRE ATT&CK Website. The official website can be found at attack.mitre.org.
SOFTWARE
SOFTWARE
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
MCMD
MCMD is a remote access tool that provides remote command shell capability used by Dragonfly 2.0.[1]
ID: S0500
ⓘ
Type: TOOL
ⓘ
Platforms: Windows
Version: 1.0
Created: 13 August 2020
Last Modified: 20 August 2020
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols | |
| Enterprise | T1547 | .001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | |
| Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
MCMD can launch a console process (cmd.exe) with redirected standard input and output.[1] |
| Enterprise | T1005 | Data from Local System |
MCMD has the ability to upload files from an infected device.[1] |
|
| Enterprise | T1564 | .003 | Hide Artifacts: Hidden Window |
MCMD can modify processes to prevent them from being visible on the desktop.[1] |
| Enterprise | T1070 | Indicator Removal on Host | ||
| Enterprise | T1105 | Ingress Tool Transfer | ||
| Enterprise | T1036 | .005 | Masquerading: Match Legitimate Name or Location | |
| Enterprise | T1027 | Obfuscated Files or Information |
MCMD can Base64 encode output strings prior to sending to C2.[1] |
|
| Enterprise | T1053 | .005 | Scheduled Task/Job: Scheduled Task | |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0035 | Dragonfly |
References
×