USBferry

USBferry is an information stealing malware and has been used by Tropic Trooper in targeted attacks against Taiwanese and Philippine air-gapped military environments. USBferry shares an overlapping codebase with YAHOYAH, though it has several features which make it a distinct piece of malware.[1]

ID: S0452
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 20 May 2020
Last Modified: 25 April 2025

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1087.001 | Account Discovery: Local Account | USBferry can use net user to gather information about local accounts.[1] |
| Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | USBferry can execute various Windows commands.[1] |
| Enterprise | T1005 | Data from Local System | USBferry can collect information from an air-gapped host machine.[1] |
| Enterprise | T1083 | File and Directory Discovery | USBferry can detect the victim's file or folder list.[1] |
| Enterprise | T1120 | Peripheral Device Discovery | USBferry can check for connected USB devices.[1] |
| Enterprise | T1057 | Process Discovery | USBferry can use tasklist to gather information about the process running on the infected system.[1] |
| Enterprise | T1018 | Remote System Discovery | USBferry can use net view to gather information about remote systems.[1] |
| Enterprise | T1091 | Replication Through Removable Media | USBferry can copy its installer to attached USB storage devices.[1] |
| Enterprise | T1218.011 | System Binary Proxy Execution: Rundll32 | USBferry can execute rundll32.exe in memory to avoid detection.[1] |
| Enterprise | T1016 | System Network Configuration Discovery | USBferry can detect the infected machine's network topology using ipconfig and arp.[1] |
| Enterprise | T1049 | System Network Connections Discovery | USBferry can use netstat and nbtstat to detect active network connections.[1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0081 | Tropic Trooper | [1] |

References
