Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1140 | Deobfuscate/Decode Files or Information |
Ecipekac has the ability to decrypt fileless loader modules.[1] |
|
Enterprise | T1574 | .002 | Hijack Execution Flow: DLL Side-Loading |
Ecipekac can abuse the legitimate application policytool.exe to load a malicious DLL.[1] |
Enterprise | T1105 | Ingress Tool Transfer |
Ecipekac can download additional payloads to a compromised host.[1] |
|
Enterprise | T1027 | Obfuscated Files or Information |
Ecipekac can use XOR, AES, and DES to encrypt loader shellcode.[1] |
|
Enterprise | T1553 | .002 | Subvert Trust Controls: Code Signing |
Ecipekac has used a valid, legitimate digital signature to evade detection.[1] |