| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1005 | Data from Local System | SpicyOmelette has collected data and other information from a compromised host. |
| Enterprise | T1105 | Ingress Tool Transfer | SpicyOmelette can download malicious files from threat actor controlled AWS URLs. |
| Enterprise | T1566.002 | Phishing: Spearphishing Link | SpicyOmelette has been distributed via emails containing a malicious link that appears to be a PDF document. |
| Enterprise | T1018 | Remote System Discovery | SpicyOmelette can identify payment systems, payment gateways, and ATM systems in compromised environments. |
| | | | SpicyOmelette can enumerate running software on a targeted system. |
| | .001 | Security Software Discovery | SpicyOmelette can check for the presence of 29 different antivirus tools. |
| Enterprise | T1553.002 | Subvert Trust Controls: Code Signing | SpicyOmelette has been signed with valid digital certificates. |
| Enterprise | T1082 | System Information Discovery | SpicyOmelette can identify the system name of a compromised host. |
| Enterprise | T1016 | System Network Configuration Discovery | SpicyOmelette can identify the IP of a compromised system. |
| Enterprise | T1204.001 | User Execution: Malicious Link | SpicyOmelette has been executed through malicious links within spearphishing emails. |