ABK

ABK is a downloader that has been used by BRONZE BUTLER since at least 2019.[1]

ID: S0469
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 10 June 2020
Last Modified: 24 June 2020

Techniques Used

Domain ID Name Use
Enterprise T1071 .001 Application Layer Protocol: Web Protocols

ABK has the ability to use HTTP in communications with C2.[1]

Enterprise T1059 .003 Command and Scripting Interpreter: Windows Command Shell

ABK has the ability to use cmd to run a Portable Executable (PE) on the compromised host.[1]

Enterprise T1140 Deobfuscate/Decode Files or Information

ABK has the ability to decrypt AES encrypted payloads.[1]

Enterprise T1105 Ingress Tool Transfer

ABK has the ability to download files from C2.[1]

Enterprise T1027 .003 Obfuscated Files or Information: Steganography

ABK can extract a malicious Portable Executable (PE) from a photo.[1]

Enterprise T1055 Process Injection

ABK has the ability to inject shellcode into svchost.exe.[1]

Enterprise T1518 .001 Software Discovery: Security Software Discovery

ABK has the ability to identify the installed anti-virus product on the compromised host.[1]

Groups That Use This Software

ID Name References
G0060 BRONZE BUTLER

[1]

References