{"description": "Enterprise techniques used by SameCoin, ATT&CK software S9030 (v1.0)", "name": "SameCoin (S9030)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "19", "navigator": "5.3.2"}, "techniques": [{"techniqueID": "T1485", "comment": "[SameCoin](https://attack.mitre.org/software/S9030) can overwrite designated files on targeted systems with random bytes.(Citation: Check Point Wirte NOV 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1491", "showSubtechniques": true}, {"techniqueID": "T1491.001", "comment": "[SameCoin](https://attack.mitre.org/software/S9030) can alter the victim\u2019s background to display an image showing the name of Hamas\u2019s military wing.(Citation: Check Point Wirte NOV 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1083", "comment": "[SameCoin](https://attack.mitre.org/software/S9030) can list all system files and can avoid wiping specific directories such as Program Files, Windows, and Users.(Citation: Check Point Wirte NOV 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1534", "comment": "[SameCoin](https://attack.mitre.org/software/S9030) can send its Setup.exe file as an attachment to other addresses in the same compromised organization.(Citation: Check Point Wirte NOV 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1570", "comment": "[SameCoin](https://attack.mitre.org/software/S9030) can copy its wiper executable to remote machines within the same Active Directory.(Citation: Check Point Wirte NOV 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1036", "showSubtechniques": true}, {"techniqueID": "T1036.005", "comment": "[SameCoin](https://attack.mitre.org/software/S9030) has named files to appear legitimate such as \"MicrosoftEdge.exe.\"(Citation: Check Point Wirte NOV 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1053", "showSubtechniques": true}, {"techniqueID": "T1053.005", "comment": "[SameCoin](https://attack.mitre.org/software/S9030) has the ability to set a scheduled task for execution.(Citation: Check Point Wirte NOV 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1679", "comment": "[SameCoin](https://attack.mitre.org/software/S9030) can avoid overwriting file names that contain \u201cdesktop.ini\u201d and \u201cconf.conf.\" (Citation: Check Point Wirte NOV 2024)\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1614", "comment": "[SameCoin](https://attack.mitre.org/software/S9030) can attempt to connect to the Israel Home Front Command site, oref.org[.]il, which is only reachable from within Israel to verify the target's location.(Citation: Check Point Wirte NOV 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by SameCoin", "color": "#66b1ff"}]}