Zox

Zox is a remote access tool that has been used by Axiom since at least 2008.[1]

ID: S0672
Associated Software: Gresim, ZoxRPC, ZoxPNG
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 09 January 2022
Last Modified: 10 April 2024

Associated Software Descriptions

| Name | Description |
|---|---|
| Gresim | [1] |
| ZoxRPC | [1] |
| ZoxPNG | [1] |


Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1005 | Data from Local System | Zox has the ability to upload files from a targeted system.[1] |
| Enterprise | T1001.002 | Data Obfuscation: Steganography | Zox has used the .PNG file format for C2 communications.[1] |
| Enterprise | T1068 | Exploitation for Privilege Escalation | Zox has the ability to leverage local and remote exploits to escalate privileges.[1] |
| Enterprise | T1083 | File and Directory Discovery | Zox can enumerate files on a compromised host.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | Zox can download files to a compromised machine.[1] |
| Enterprise | T1680 | Local Storage Discovery | Zox can enumerate attached drives.[1] |
| Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File | Zox has been encoded with Base64.[1] |
| Enterprise | T1057 | Process Discovery | Zox has the ability to list processes.[1] |
| Enterprise | T1021.002 | Remote Services: SMB/Windows Admin Shares | Zox has the ability to use SMB for communication.[1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0001 | Axiom | [1] |

References
