
WINERACK

WINERACK is a backdoor used by APT37. [1]

ID: S0219
Aliases: WINERACK
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

Name | Description
WINERACK | [1]

Techniques Used

Domain | ID | Name | Use
Enterprise | T1010 | Application Window Discovery | WINERACK can enumerate active windows.[1]
Enterprise | T1059 | Command-Line Interface | WINERACK can create a reverse shell that utilizes statically-linked Wine cmd.exe code to emulate Windows command prompt commands.[1]
Enterprise | T1083 | File and Directory Discovery | WINERACK can enumerate files and directories.[1]
Enterprise | T1057 | Process Discovery | WINERACK can enumerate processes.[1]
Enterprise | T1082 | System Information Discovery | WINERACK can gather information about the host.[1]
Enterprise | T1033 | System Owner/User Discovery | WINERACK can gather information on the victim username.[1]
Enterprise | T1007 | System Service Discovery | WINERACK can enumerate services.[1]

Groups

Groups that use this software:

APT37

References