ATT&CK v12 is now live! Check out the updates here
SOFTWARE
SOFTWARE
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
CARROTBALL
CARROTBALL is an FTP downloader utility that has been in use since at least 2019. CARROTBALL has been used as a downloader to install SYSCON.[1]
ID: S0465
ⓘ
Type: TOOL
ⓘ
Platforms: Windows
Version: 1.0
Created: 02 June 2020
Last Modified: 10 June 2020
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1071 | .002 | Application Layer Protocol: File Transfer Protocols |
CARROTBALL has the ability to use FTP in C2 communications.[1] |
| Enterprise | T1105 | Ingress Tool Transfer |
CARROTBALL has the ability to download and install a remote payload.[1] |
|
| Enterprise | T1027 | Obfuscated Files or Information |
CARROTBALL has used a custom base64 alphabet to decode files.[1] |
|
| Enterprise | T1204 | .002 | User Execution: Malicious File |
CARROTBALL has been executed through users being lured into opening malicious e-mail attachments.[1] |
References
×