APT29 obtained information about the configured Exchange virtual directory using Get-WebServicesVirtualDirectory. The group also searched a compromised DCCC computer for specific terms.

APT28 has used Forfiles to locate PDF, Excel, and Word documents during collection.

APT18 can list file information for specific directories.

Aoqin Dragon has run scripts to identify file formats including Microsoft Word.

Amadey has searched for folders associated with antivirus software.

actors used the following commands after exploiting a machine with LOWBALL malware to obtain information about files and directories:

    dir c:\ > %temp%\download
    dir "c:\Documents and Settings" > %temp%\download
    dir "c:\Program Files\" > %temp%\download
    dir d:\ > %temp%\download

ADVSTORESHELL can list files and directories.

Action RAT has the ability to collect drive and file information on an infected machine.

4H RAT has the capability to obtain file and directory listings.

3PARA RAT has a command to retrieve metadata for files on disk as well as a command to list the current working directory.