Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1059 | Command and Scripting Interpreter |
Bonadan can create bind and reverse shells on the infected system.[1] |
|
Enterprise | T1554 | Compromise Host Software Binary |
Bonadan has maliciously altered the OpenSSH binary on targeted systems to create a backdoor.[1] |
|
Enterprise | T1573 | .001 | Encrypted Channel: Symmetric Cryptography | |
Enterprise | T1105 | Ingress Tool Transfer |
Bonadan can download additional modules from the C2 server.[1] |
|
Enterprise | T1057 | Process Discovery |
Bonadan can use the |
|
Enterprise | T1496 | .001 | Resource Hijacking: Compute Hijacking |
Bonadan can download an additional module which has a cryptocurrency mining extension.[1] |
Enterprise | T1082 | System Information Discovery |
Bonadan has discovered the OS version, CPU model, and RAM size of the system it has been installed on.[1] |
|
Enterprise | T1016 | System Network Configuration Discovery |
Bonadan can find the external IP address of the infected host.[1] |
|
Enterprise | T1033 | System Owner/User Discovery |
Bonadan has discovered the username of the user running the backdoor.[1] |