Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1059 | .001 | Command and Scripting Interpreter: PowerShell | |
.005 | Command and Scripting Interpreter: Visual Basic |
Ferocious has the ability to use Visual Basic scripts for execution.[1] |
||
Enterprise | T1546 | .015 | Event Triggered Execution: Component Object Model Hijacking |
Ferocious can use COM hijacking to establish persistence.[1] |
Enterprise | T1070 | .004 | Indicator Removal on Host: File Deletion | |
Enterprise | T1112 | Modify Registry |
Ferocious has the ability to add a Class ID in the current user Registry hive to enable persistence mechanisms.[1] |
|
Enterprise | T1120 | Peripheral Device Discovery |
Ferocious can run |
|
Enterprise | T1518 | .001 | Software Discovery: Security Software Discovery |
Ferocious has checked for AV software as part of its persistence process.[1] |
Enterprise | T1082 | System Information Discovery |
Ferocious can use |
|
Enterprise | T1497 | .001 | Virtualization/Sandbox Evasion: System Checks |
Ferocious can run anti-sandbox checks using the Microsoft Excel 4.0 function |
ID | Name | References |
---|---|---|
G0090 | WIRTE |