Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1547 | .001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder |
Briba creates run key Registry entries pointing to malicious DLLs dropped to disk.[2] |
Enterprise | T1543 | .003 | Create or Modify System Process: Windows Service |
Briba installs a service pointing to a malicious DLL dropped to disk.[2] |
Enterprise | T1105 | Ingress Tool Transfer | ||
Enterprise | T1218 | .011 | System Binary Proxy Execution: Rundll32 |
Briba uses rundll32 within Registry Run Keys / Startup Folder entries to execute malicious DLLs.[2] |