WINERACK is a backdoor used by APT37. [1]

ID: S0219
Version: 1.0
Created: 18 April 2018
Last Modified: 17 October 2018

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1010 | Application Window Discovery | WINERACK can enumerate active windows.[1] |
| Enterprise | T1059 | Command and Scripting Interpreter | WINERACK can create a reverse shell that utilizes statically-linked Wine cmd.exe code to emulate Windows command prompt commands.[1] |
| Enterprise | T1083 | File and Directory Discovery | WINERACK can enumerate files and directories.[1] |
| Enterprise | T1057 | Process Discovery | WINERACK can enumerate processes.[1] |
| Enterprise | T1082 | System Information Discovery | WINERACK can gather information about the host.[1] |
| Enterprise | T1033 | System Owner/User Discovery | WINERACK can gather information on the victim username.[1] |
| Enterprise | T1007 | System Service Discovery | WINERACK can enumerate services.[1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0067 | APT37 | |