Domain | ID | Name | Use
---|---|---|---
Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | CARROTBAT has the ability to execute command line arguments on a compromised host.[2]
Enterprise | T1070.004 | Indicator Removal: File Deletion | CARROTBAT has the ability to delete downloaded files from a compromised host.[1]
Enterprise | T1105 | Ingress Tool Transfer | CARROTBAT has the ability to download and execute a remote file via certutil.[1]
Enterprise | T1027.010 | Obfuscated Files or Information: Command Obfuscation | CARROTBAT has the ability to execute obfuscated commands on the infected host.[1]
Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File | CARROTBAT has the ability to download a base64 encoded payload.[1]
Enterprise | T1082 | System Information Discovery | CARROTBAT has the ability to determine the operating system of the compromised host and whether Windows is being run with x86 or x64 architecture.[1][2]