Check out the results from our first round of ATT&CK Evaluations at attackevals.mitre.org!

UPPERCUT

UPPERCUT is a backdoor that has been used by menuPass. [1]

ID: S0275
Aliases: UPPERCUT, ANEL
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

NameDescription
UPPERCUT[1]
ANEL[1]

Techniques Used

DomainIDNameUse
EnterpriseT1059Command-Line InterfaceUPPERCUT uses cmd.exe to execute commands on the victim’s machine.[1]
EnterpriseT1083File and Directory DiscoveryUPPERCUT has the capability to gather the victim's current directory.[1]
EnterpriseT1105Remote File CopyUPPERCUT can download and upload files to and from the victim’s machine.[1]
EnterpriseT1113Screen CaptureUPPERCUT can capture desktop screenshots in the PNG format and send them to the C2 server.[1]
EnterpriseT1071Standard Application Layer ProtocolUPPERCUT has used HTTP for C2, including sending error codes in Cookie headers.[1]
EnterpriseT1032Standard Cryptographic ProtocolSome versions of UPPERCUT have used the hard-coded string “this is the encrypt key” for Blowfish encryption when communicating with a C2. Later versions have hard-coded keys uniquely for each C2 address.[1]
EnterpriseT1082System Information DiscoveryUPPERCUT has the capability to gather the system’s hostname and OS version.[1]
EnterpriseT1016System Network Configuration DiscoveryUPPERCUT has the capability to gather the victim's proxy information.[1]
EnterpriseT1033System Owner/User DiscoveryUPPERCUT has the capability to collect the current logged on user’s username from a machine.[1]
EnterpriseT1124System Time DiscoveryUPPERCUT has the capability to obtain the time zone information and current timestamp of the victim’s machine.[1]

Groups

Groups that use this software:

menuPass

References