Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1547 | .001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder |
MoleNet can achieve persitence on the infected machine by setting the Registry run key.[1] |
Enterprise | T1059 | .001 | Command and Scripting Interpreter: PowerShell | |
.003 | Command and Scripting Interpreter: Windows Command Shell |
MoleNet can execute commands via the command line utility.[1] |
||
Enterprise | T1105 | Ingress Tool Transfer | ||
Enterprise | T1518 | .001 | Software Discovery: Security Software Discovery |
MoleNet can use WMI commands to check the system for firewall and antivirus software.[1] |
Enterprise | T1082 | System Information Discovery |
MoleNet can collect information about the about the system.[1] |
|
Enterprise | T1047 | Windows Management Instrumentation |