Tactics, Techniques and Procedures for  Bianlian



Sponsored by Hudson RockUse Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Execution (TA0002) Defense Evasion (TA0005) Discovery (TA0007) Lateral Movement (TA0008) Impact (TA0040)
User Execution (T1204)
An adversary may rely upon specific actions by a user in order to gain execution.
Virtualization/Sandbox Evasion (T1497)
Adversaries may employ various means to detect and avoid virtualization and analysis environments.
System Information Discovery (T1082)
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
Replication Through Removable Media (T1091)
Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes.
Data Encrypted for Impact (T1486)
Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources.
Command and Scripting Interpreter (T1059)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Software Packing (T1027.002)
Adversaries may perform software packing or virtual machine software protection to conceal their code.
File and Directory Discovery (T1083)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
Masquerading (T1036)
Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools.
Security Software Discovery (T1518.001)
Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment.
Peripheral Device Discovery (T1120)
Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.

This information is provided by Crocodyli or Ransomware.live