Get2 is a downloader written in C++ that has been used by TA505 to deliver FlawedGrace, FlawedAmmyy, Snatch and SDBbot.[1]
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | Get2 has the ability to use HTTP to send information collected from an infected host to C2.[1] |
| Enterprise | T1059 | Command and Scripting Interpreter | Get2 has the ability to run executables with command-line arguments.[1] |
| Enterprise | T1057 | Process Discovery | Get2 has the ability to identify running processes on an infected host.[1] |
| Enterprise | T1055.001 | Process Injection: Dynamic-link Library Injection | |
| Enterprise | T1082 | System Information Discovery | Get2 has the ability to identify the computer name and Windows version of an infected host.[1] |
| Enterprise | T1033 | System Owner/User Discovery | Get2 has the ability to identify the current username of an infected host.[1] |
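The technique mapping above turned into a simple hunting rule over constructed Sysmon-style events: a process that spawns several distinct discovery tools and then opens an outbound web connection within a short window is flagged with the matching technique IDs, and a CreateRemoteThread from the same process adds the injection sub-technique. This is an added example, not code from the ATT&CK page or from the cited Proofpoint report. The event shapes, the timestamps and process IDs, the 203.0.113.5 and 198.51.100.7 addresses (documentation ranges), the thresholds, and the assumption that discovery shows up as spawned whoami/tasklist/systeminfo are all assumptions; Get2 may query the Windows API directly for this data, in which case a rule of this shape would not fire and API-level telemetry would be needed instead.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Techniques from the table above, keyed by the discovery binary that commonly
# realises them on the command line. Assumed mapping: a downloader that calls
# the Windows API directly (as Get2 may) would spawn none of these.
DISCOVERY_TECHNIQUES = {
    "whoami.exe": "T1033",      # System Owner/User Discovery
    "tasklist.exe": "T1057",    # Process Discovery
    "systeminfo.exe": "T1082",  # System Information Discovery
    "hostname.exe": "T1082",
}
WEB_PORTS = {80, 443, 8080}     # T1071.001: web protocols to C2


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


# Constructed Sysmon-like events (not real telemetry). eid 1 = process create,
# eid 3 = network connection, eid 8 = CreateRemoteThread.
SAMPLE_EVENTS = [
    {"ts": _ts("2024-05-01 10:00:00"), "eid": 1, "pid": 4120, "ppid": 3000,
     "image": r"C:\Users\u\AppData\Local\Temp\downloader.exe"},
    {"ts": _ts("2024-05-01 10:00:05"), "eid": 1, "pid": 4130, "ppid": 4120,
     "image": r"C:\Windows\System32\whoami.exe"},
    {"ts": _ts("2024-05-01 10:00:06"), "eid": 1, "pid": 4131, "ppid": 4120,
     "image": r"C:\Windows\System32\tasklist.exe"},
    {"ts": _ts("2024-05-01 10:00:07"), "eid": 1, "pid": 4132, "ppid": 4120,
     "image": r"C:\Windows\System32\systeminfo.exe"},
    {"ts": _ts("2024-05-01 10:00:20"), "eid": 3, "pid": 4120,
     "dst_ip": "203.0.113.5", "dst_port": 80},
    {"ts": _ts("2024-05-01 10:01:00"), "eid": 8, "pid": 4120, "target_pid": 2500},
    # Benign noise: explorer runs whoami once and talks HTTPS half an hour later.
    {"ts": _ts("2024-05-01 10:02:00"), "eid": 1, "pid": 5000, "ppid": 900,
     "image": r"C:\Windows\System32\whoami.exe"},
    {"ts": _ts("2024-05-01 10:30:00"), "eid": 3, "pid": 900,
     "dst_ip": "198.51.100.7", "dst_port": 443},
]


def basename(path):
    """Last component of a Windows path, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def correlate(events, window=timedelta(minutes=5), min_discovery=2):
    """Return one finding per parent process that spawns at least
    `min_discovery` distinct discovery techniques and, within `window` of the
    first of them, opens an outbound web connection. A CreateRemoteThread
    from the same pid adds T1055.001."""
    by_parent = defaultdict(list)   # ppid -> [(ts, technique)] in time order
    net = defaultdict(list)         # pid  -> [ts of web connections]
    inject = set()                  # pids seen calling CreateRemoteThread
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["eid"] == 1:
            tech = DISCOVERY_TECHNIQUES.get(basename(e["image"]))
            if tech:
                by_parent[e["ppid"]].append((e["ts"], tech))
        elif e["eid"] == 3 and e["dst_port"] in WEB_PORTS:
            net[e["pid"]].append(e["ts"])
        elif e["eid"] == 8:
            inject.add(e["pid"])

    findings = []
    for pid, disc in by_parent.items():
        techs = {t for _, t in disc}
        if len(techs) < min_discovery:
            continue
        first = disc[0][0]
        beacons = [t for t in net.get(pid, []) if first <= t <= first + window]
        if not beacons:
            continue
        techs.add("T1071.001")
        if pid in inject:
            techs.add("T1055.001")
        findings.append({"pid": pid, "techniques": sorted(techs),
                         "first_discovery": first, "first_beacon": beacons[0]})
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_EVENTS):
        print(f"pid {f['pid']}: {', '.join(f['techniques'])} "
              f"(discovery {f['first_discovery']:%H:%M:%S}, beacon {f['first_beacon']:%H:%M:%S})")
```

The window and the distinct-technique threshold are the two knobs worth tuning against your own baseline: the single whoami from explorer in the sample is exactly the kind of one-off that a threshold of one would turn into noise, and a window measured in hours would start pairing unrelated discovery with ordinary browser traffic.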