Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | |
Enterprise | T1001.003 | Data Obfuscation: Protocol or Service Impersonation | |
Enterprise | T1562.004 | Impair Defenses: Disable or Modify System Firewall | HARDRAIN opens the Windows Firewall to modify incoming connections.[1] |
Enterprise | T1571 | Non-Standard Port | HARDRAIN binds and listens on port 443 with a FakeTLS method.[1] |
Enterprise | T1090 | Proxy | HARDRAIN uses the command |

ID | Name | References |
---|---|---|
G0032 | Lazarus Group |