Wiarp

Wiarp is a trojan used by Elderwood to open a backdoor on compromised hosts. [1] [2]

ID: S0206
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 18 April 2018
Last Modified: 06 January 2021

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | Wiarp creates a backdoor through which remote attackers can open a command line interface.[2] |
| Enterprise | T1543.003 | Create or Modify System Process: Windows Service | Wiarp creates a backdoor through which remote attackers can create a service.[2] |
| Enterprise | T1105 | Ingress Tool Transfer | Wiarp creates a backdoor through which remote attackers can download files.[2] |
| Enterprise | T1055 | Process Injection | Wiarp creates a backdoor through which remote attackers can inject files into running processes.[2] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0066 | Elderwood | [1] |

References