|Enterprise||T1059||.003||Command and Scripting Interpreter: Windows Command Shell||
BISCUIT has a command to launch a command shell on the system.
|Enterprise||T1573||.002||Encrypted Channel: Asymmetric Cryptography|
BISCUIT malware contains a secondary fallback command and control server that is contacted after the primary command and control server.
|Enterprise||T1105||Ingress Tool Transfer||
BISCUIT has a command to download a file from the C2 server.
|Enterprise||T1056||.001||Input Capture: Keylogging|
BISCUIT has a command to enumerate running processes and identify their owners.
BISCUIT has a command to periodically take screenshots of the system.
|Enterprise||T1082||System Information Discovery||
BISCUIT has a command to collect the processor type, operation system, computer name, uptime, and whether the system is a laptop or PC.
|Enterprise||T1033||System Owner/User Discovery||
BISCUIT has a command to gather the username from the system.