WINERACK

WINERACK is a backdoor used by APT37. [1]

ID: S0219
Type: MALWARE
Platforms: Windows
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1010 Application Window Discovery WINERACK can enumerate active windows.[1]
Enterprise T1059 Command-Line Interface WINERACK can create a reverse shell that utilizes statically-linked Wine cmd.exe code to emulate Windows command prompt commands.[1]
Enterprise T1083 File and Directory Discovery WINERACK can enumerate files and directories.[1]
Enterprise T1057 Process Discovery WINERACK can enumerate processes.[1]
Enterprise T1082 System Information Discovery WINERACK can gather information about the host.[1]
Enterprise T1033 System Owner/User Discovery WINERACK can gather information on the victim username.[1]
Enterprise T1007 System Service Discovery WINERACK can enumerate services.[1]

Groups

Groups that use this software:

APT37

References