{"description": "Enterprise techniques used by HOMEFRY, ATT&CK software S0232 (v1.2)", "name": "HOMEFRY (S0232)", "domain": "enterprise-attack", "versions": {"layer": "4.4", "attack": "16", "navigator": "4.8.1"}, "techniques": [{"techniqueID": "T1059", "showSubtechniques": true}, {"techniqueID": "T1059.003", "comment": "[HOMEFRY](https://attack.mitre.org/software/S0232) uses a command-line interface.(Citation: FireEye Periscope March 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1027", "showSubtechniques": true}, {"techniqueID": "T1027.013", "comment": "Some strings in [HOMEFRY](https://attack.mitre.org/software/S0232) are obfuscated with XOR x56.(Citation: FireEye Periscope March 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1003", "comment": "[HOMEFRY](https://attack.mitre.org/software/S0232) can perform credential dumping.(Citation: FireEye Periscope March 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by HOMEFRY", "color": "#66b1ff"}]}