|Enterprise||T1560||.003||Archive Collected Data: Archive via Custom Method|
|Enterprise||T1052||.001||Exfiltration Over Physical Medium: Exfiltration over USB|
|Enterprise||T1105||Ingress Tool Transfer|
|Enterprise||T1091||Replication Through Removable Media||
Agent.btz drops itself onto removable media devices and creates an autorun.inf file with an instruction to run that file. When the device is inserted into another system, it opens autorun.inf and loads the malware.
|Enterprise||T1016||System Network Configuration Discovery||
Agent.btz collects the network adapter’s IP and MAC address as well as IP addresses of the network adapter’s default gateway, primary/secondary WINS, DHCP, and DNS servers, and saves them into a log file.
|Enterprise||T1033||System Owner/User Discovery|