adbupd

adbupd is a backdoor used by PLATINUM that is similar to Dipsind. [1]

ID: S0202
Type: MALWARE
Contributors: Ryan Becwar

Platforms: Windows

Version: 1.0

Techniques Used

Domain | ID | Name | Use
Enterprise | T1059 | Command-Line Interface | adbupd can run a copy of cmd.exe.[1]
Enterprise | T1032 | Standard Cryptographic Protocol | adbupd contains a copy of the OpenSSL library to encrypt C2 traffic.[1]
Enterprise | T1084 | Windows Management Instrumentation Event Subscription | adbupd can use a WMI script to achieve persistence.[1]

Groups

Groups that use this software:

PLATINUM

References