ABK
ABK is a downloader that has been used by BRONZE BUTLER since at least 2019.[1]
ID: S0469
ⓘ
Type: MALWARE
ⓘ
Platforms: Windows
Version: 1.0
Created: 10 June 2020
Last Modified: 24 June 2020
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols |
ABK has the ability to use HTTP in communications with C2.[1] |
| Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
ABK has the ability to use cmd to run a Portable Executable (PE) on the compromised host.[1] |
| Enterprise | T1140 | Deobfuscate/Decode Files or Information | ||
| Enterprise | T1105 | Ingress Tool Transfer | ||
| Enterprise | T1027 | .003 | Obfuscated Files or Information: Steganography |
ABK can extract a malicious Portable Executable (PE) from a photo.[1] |
| Enterprise | T1055 | Process Injection |
ABK has the ability to inject shellcode into svchost.exe.[1] |
|
| Enterprise | T1518 | .001 | Software Discovery: Security Software Discovery |
ABK has the ability to identify the installed anti-virus product on the compromised host.[1] |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0060 | BRONZE BUTLER |