PLAINTEE
PLAINTEE is a malware sample that has been used by Rancor in targeted attacks in Singapore and Cambodia. [1]
ID: S0254
Type: MALWARE
Platforms: Windows
Version: 1.0
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1088 | Bypass User Account Control | |
Enterprise | T1059 | Command-Line Interface | PLAINTEE uses cmd.exe to execute commands on the victim’s machine.[1] |
Enterprise | T1094 | Custom Command and Control Protocol | |
Enterprise | T1024 | Custom Cryptographic Protocol | |
Enterprise | T1112 | Modify Registry | PLAINTEE uses |
Enterprise | T1057 | Process Discovery | PLAINTEE performs the |
Enterprise | T1060 | Registry Run Keys / Startup Folder | PLAINTEE gains persistence by adding the Registry key |
Enterprise | T1105 | Remote File Copy | |
Enterprise | T1082 | System Information Discovery | PLAINTEE collects general system enumeration data about the infected machine and checks the OS version.[1] |
Enterprise | T1016 | System Network Configuration Discovery | PLAINTEE uses the |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0075 | Rancor | [1] |