Wiarp

Wiarp is a trojan used by Elderwood to open a backdoor on compromised hosts. [1] [2]

ID: S0206
Aliases: Wiarp
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

| Name | Description |
|---|---|
| Wiarp | [2] |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059 | Command-Line Interface | Wiarp creates a backdoor through which remote attackers can open a command line interface.[2] |
| Enterprise | T1043 | Commonly Used Port | Wiarp connects to external C2 infrastructure over the HTTP port.[2] |
| Enterprise | T1050 | New Service | Wiarp creates a backdoor through which remote attackers can create a service.[2] |
| Enterprise | T1055 | Process Injection | Wiarp creates a backdoor through which remote attackers can inject files into running processes.[2] |
| Enterprise | T1105 | Remote File Copy | Wiarp creates a backdoor through which remote attackers can download files.[2] |

Groups

Groups that use this software:

Elderwood

References