InvisiMole, Software S0260 | MITRE ATT&CK®
<!DOCTYPE html> <html lang='en'> <head> <script async src="https://www.googletagmanager.com/gtag/js?id=UA-62667723-1"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-62667723-1'); </script> <meta name="google-site-verification" content="2oJKLqNN62z6AOCb0A0IXGtbQuj-lev5YPAHFF_cbHQ"/> <meta charset='utf-8'> <meta name='viewport' content='width=device-width, initial-scale=1,shrink-to-fit=no'> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <link rel='shortcut icon' href="/versions/v13/theme/favicon.ico" type='image/x-icon'> <title>InvisiMole, Software S0260 | MITRE ATT&CK®</title> <!-- Bootstrap CSS --> <link rel='stylesheet' href="/versions/v13/theme/style/bootstrap.min.css" /> <link rel='stylesheet' href="/versions/v13/theme/style/bootstrap-glyphicon.min.css" /> <link rel='stylesheet' href="/versions/v13/theme/style/bootstrap-tourist.css" /> <link rel='stylesheet' href="/versions/v13/theme/style/bootstrap-select.min.css" /> <link rel="stylesheet" type="text/css" href="/versions/v13/theme/style.min.css?e8044105"> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"> </head> <body> <div class="container-fluid attack-website-wrapper d-flex flex-column h-100"> <div class="row sticky-top flex-grow-0 flex-shrink-1"> <!-- header elements --> <header class="col px-0"> <nav class='navbar navbar-expand-lg navbar-dark position-static'> <a class='navbar-brand' href="/versions/v13/"><img src="/versions/v13/theme/images/mitre_attack_logo.png" class="attack-logo"></a> <button class='navbar-toggler' type='button' data-toggle='collapse' data-target='#navbarCollapse' aria-controls='navbarCollapse' aria-expanded='false' aria-label='Toggle navigation'> <span class='navbar-toggler-icon'></span> </button> <div class='collapse navbar-collapse' id='navbarCollapse'> <ul class='nav nav-tabs ml-auto'> <li class="nav-item 
dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v13/matrices/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Matrices</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v13/matrices/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v13/matrices/mobile/">Mobile</a> <a class="dropdown-item" href="/versions/v13/matrices/ics/">ICS</a> </div> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v13/tactics/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Tactics</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v13/tactics/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v13/tactics/mobile/">Mobile</a> <a class="dropdown-item" href="/versions/v13/tactics/ics/">ICS</a> </div> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v13/techniques/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Techniques</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v13/techniques/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v13/techniques/mobile/">Mobile</a> <a class="dropdown-item" href="/versions/v13/techniques/ics/">ICS</a> </div> </li> <li class="nav-item"> <a href="/versions/v13/datasources" class="nav-link" ><b>Data Sources</b></a> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v13/mitigations/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Mitigations</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" 
href="/versions/v13/mitigations/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v13/mitigations/mobile/">Mobile</a> <a class="dropdown-item" href="/versions/v13/mitigations/ics/">ICS</a> </div> </li> <li class="nav-item"> <a href="/versions/v13/groups" class="nav-link" ><b>Groups</b></a> </li> <li class="nav-item"> <a href="/versions/v13/software/" class="nav-link" ><b>Software</b></a> </li> <li class="nav-item"> <a href="/versions/v13/campaigns" class="nav-link" ><b>Campaigns</b></a> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v13/resources/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Resources</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v13/resources/">General Information</a> <a class="dropdown-item" href="/versions/v13/resources/getting-started/">Getting Started</a> <a class="dropdown-item" href="/versions/v13/resources/training/">Training</a> <a class="dropdown-item" href="/versions/v13/resources/attackcon/">ATT&CKcon</a> <a class="dropdown-item" href="/versions/v13/resources/working-with-attack/">Working with ATT&CK</a> <a class="dropdown-item" href="/versions/v13/resources/faq/">FAQ</a> <a class="dropdown-item" href="/resources/updates/">Updates</a> <a class="dropdown-item" href="/resources/versions/">Versions of ATT&CK</a> <a class="dropdown-item" href="/versions/v13/resources/related-projects/">Related Projects</a> <a class="dropdown-item" href="/versions/v13/resources/brand/">Brand Guide</a> </div> </li> <li class="nav-item"> <a href="https://medium.com/mitre-attack/" target="_blank" class="nav-link"> <b>Blog</b> <img src="/versions/v13/theme/images/external-site.svg" alt="External site" class="external-icon" /> </a> </li> <li class="nav-item"> <a href="/versions/v13/resources/contribute/" class="nav-link" ><b>Contribute</b></a> </li> <li class="nav-item"> <button 
id="search-button" class="btn search-button">Search <div id="search-icon" class="icon-button search-icon"></div></button> </li> </ul> </div> </nav> </header> </div> <div class="row flex-grow-0 flex-shrink-1"> <!-- banner elements --> <div class="col px-0"> <!-- don't edit or remove the line below even though it's commented out, it gets parsed and replaced by the versioning feature --> <div class="container-fluid version-banner"><div class="icon-inline baseline mr-1"><img src="/versions/v13/theme/images/icon-warning-24px.svg"></div>Currently viewing <a href="https://github.com/mitre/cti/releases/tag/ATT%26CK-v13.1" target="_blank">ATT&CK v13.1</a> which was live between April 25, 2023 and October 30, 2023. <a href="/resources/versions/">Learn more about the versioning system</a> or <a href="/">see the live site</a>.</div> </div> </div> <div class="row flex-grow-1 flex-shrink-0"> <!-- main content elements --> <!--start-indexing-for-search--> <div class="sidebar nav sticky-top flex-column pr-0 pt-4 pb-3 pl-3" id="v-tab" role="tablist" aria-orientation="vertical"> <div class="resizer"></div> <!--stop-indexing-for-search--> <div id="v-tab" role="tablist" aria-orientation="vertical" class="h-100"> <div class="sidenav-wrapper"> <div class="heading" data-toggle="collapse" data-target="#sidebar-collapse" id="v-home-tab" aria-selected="false">SOFTWARE <i class="fa fa-fw fa-chevron-down"></i> <i class="fa fa-fw fa-chevron-up"></i> </div> <br class="br-mobile"> <div class="collapse show" id="sidebar-collapse"> <div class="sidenav-list"> <div class="sidenav"> <div class="sidenav-head " id="0-0"> <a href="/versions/v13/software/"> Overview </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="3PARA RAT-3PARA RAT"> <a href="/versions/v13/software/S0066/"> 3PARA RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="4H RAT-4H RAT"> <a href="/versions/v13/software/S0065/"> 4H RAT </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head " id="AADInternals-AADInternals"> <a href="/versions/v13/software/S0677/"> AADInternals </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ABK-ABK"> <a href="/versions/v13/software/S0469/"> ABK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="AbstractEmu-AbstractEmu"> <a href="/versions/v13/software/S1061/"> AbstractEmu </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ACAD/Medre.A-ACAD/Medre.A"> <a href="/versions/v13/software/S1000/"> ACAD/Medre.A </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Action RAT-Action RAT"> <a href="/versions/v13/software/S1028/"> Action RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="adbupd-adbupd"> <a href="/versions/v13/software/S0202/"> adbupd </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="AdFind-AdFind"> <a href="/versions/v13/software/S0552/"> AdFind </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Adups-Adups"> <a href="/versions/v13/software/S0309/"> Adups </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ADVSTORESHELL-ADVSTORESHELL"> <a href="/versions/v13/software/S0045/"> ADVSTORESHELL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Agent Smith-Agent Smith"> <a href="/versions/v13/software/S0440/"> Agent Smith </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Agent Tesla-Agent Tesla"> <a href="/versions/v13/software/S0331/"> Agent Tesla </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Agent.btz-Agent.btz"> <a href="/versions/v13/software/S0092/"> Agent.btz </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Allwinner-Allwinner"> <a href="/versions/v13/software/S0319/"> Allwinner </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Amadey-Amadey"> <a href="/versions/v13/software/S1025/"> Amadey </a> </div> </div> 
<div class="sidenav"> <div class="sidenav-head " id="Anchor-Anchor"> <a href="/versions/v13/software/S0504/"> Anchor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Android/AdDisplay.Ashas-Android/AdDisplay.Ashas"> <a href="/versions/v13/software/S0525/"> Android/AdDisplay.Ashas </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Android/Chuli.A-Android/Chuli.A"> <a href="/versions/v13/software/S0304/"> Android/Chuli.A </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="AndroidOS/MalLocker.B-AndroidOS/MalLocker.B"> <a href="/versions/v13/software/S0524/"> AndroidOS/MalLocker.B </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ANDROIDOS_ANSERVER.A-ANDROIDOS_ANSERVER.A"> <a href="/versions/v13/software/S0310/"> ANDROIDOS_ANSERVER.A </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="AndroRAT-AndroRAT"> <a href="/versions/v13/software/S0292/"> AndroRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Anubis-Anubis"> <a href="/versions/v13/software/S0422/"> Anubis </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="AppleJeus-AppleJeus"> <a href="/versions/v13/software/S0584/"> AppleJeus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="AppleSeed-AppleSeed"> <a href="/versions/v13/software/S0622/"> AppleSeed </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Aria-body-Aria-body"> <a href="/versions/v13/software/S0456/"> Aria-body </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Arp-Arp"> <a href="/versions/v13/software/S0099/"> Arp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Asacub-Asacub"> <a href="/versions/v13/software/S0540/"> Asacub </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ASPXSpy-ASPXSpy"> <a href="/versions/v13/software/S0073/"> ASPXSpy </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head " id="Astaroth-Astaroth"> <a href="/versions/v13/software/S0373/"> Astaroth </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="at-at"> <a href="/versions/v13/software/S0110/"> at </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Attor-Attor"> <a href="/versions/v13/software/S0438/"> Attor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="AuditCred-AuditCred"> <a href="/versions/v13/software/S0347/"> AuditCred </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="AuTo Stealer-AuTo Stealer"> <a href="/versions/v13/software/S1029/"> AuTo Stealer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="AutoIt backdoor-AutoIt backdoor"> <a href="/versions/v13/software/S0129/"> AutoIt backdoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Avaddon-Avaddon"> <a href="/versions/v13/software/S0640/"> Avaddon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Avenger-Avenger"> <a href="/versions/v13/software/S0473/"> Avenger </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="AvosLocker-AvosLocker"> <a href="/versions/v13/software/S1053/"> AvosLocker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Azorult-Azorult"> <a href="/versions/v13/software/S0344/"> Azorult </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Babuk-Babuk"> <a href="/versions/v13/software/S0638/"> Babuk </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BabyShark-BabyShark"> <a href="/versions/v13/software/S0414/"> BabyShark </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BackConfig-BackConfig"> <a href="/versions/v13/software/S0475/"> BackConfig </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Backdoor.Oldrea-Backdoor.Oldrea"> <a href="/versions/v13/software/S0093/"> Backdoor.Oldrea </a> </div> </div> <div 
class="sidenav"> <div class="sidenav-head " id="BACKSPACE-BACKSPACE"> <a href="/versions/v13/software/S0031/"> BACKSPACE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Bad Rabbit-Bad Rabbit"> <a href="/versions/v13/software/S0606/"> Bad Rabbit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BADCALL-BADCALL"> <a href="/versions/v13/software/S0245/"> BADCALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BADFLICK-BADFLICK"> <a href="/versions/v13/software/S0642/"> BADFLICK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BADNEWS-BADNEWS"> <a href="/versions/v13/software/S0128/"> BADNEWS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BadPatch-BadPatch"> <a href="/versions/v13/software/S0337/"> BadPatch </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Bandook-Bandook"> <a href="/versions/v13/software/S0234/"> Bandook </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Bankshot-Bankshot"> <a href="/versions/v13/software/S0239/"> Bankshot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Bazar-Bazar"> <a href="/versions/v13/software/S0534/"> Bazar </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BBK-BBK"> <a href="/versions/v13/software/S0470/"> BBK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BBSRAT-BBSRAT"> <a href="/versions/v13/software/S0127/"> BBSRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BendyBear-BendyBear"> <a href="/versions/v13/software/S0574/"> BendyBear </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BISCUIT-BISCUIT"> <a href="/versions/v13/software/S0017/"> BISCUIT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Bisonal-Bisonal"> <a href="/versions/v13/software/S0268/"> Bisonal </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " 
id="BitPaymer-BitPaymer"> <a href="/versions/v13/software/S0570/"> BitPaymer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BITSAdmin-BITSAdmin"> <a href="/versions/v13/software/S0190/"> BITSAdmin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Black Basta-Black Basta"> <a href="/versions/v13/software/S1070/"> Black Basta </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BlackCat-BlackCat"> <a href="/versions/v13/software/S1068/"> BlackCat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BLACKCOFFEE-BLACKCOFFEE"> <a href="/versions/v13/software/S0069/"> BLACKCOFFEE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BlackEnergy-BlackEnergy"> <a href="/versions/v13/software/S0089/"> BlackEnergy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BlackMould-BlackMould"> <a href="/versions/v13/software/S0564/"> BlackMould </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BLINDINGCAN-BLINDINGCAN"> <a href="/versions/v13/software/S0520/"> BLINDINGCAN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BloodHound-BloodHound"> <a href="/versions/v13/software/S0521/"> BloodHound </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BLUELIGHT-BLUELIGHT"> <a href="/versions/v13/software/S0657/"> BLUELIGHT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Bonadan-Bonadan"> <a href="/versions/v13/software/S0486/"> Bonadan </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BONDUPDATER-BONDUPDATER"> <a href="/versions/v13/software/S0360/"> BONDUPDATER </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BoomBox-BoomBox"> <a href="/versions/v13/software/S0635/"> BoomBox </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BOOSTWRITE-BOOSTWRITE"> <a href="/versions/v13/software/S0415/"> BOOSTWRITE </a> </div> 
</div> <div class="sidenav"> <div class="sidenav-head " id="BOOTRASH-BOOTRASH"> <a href="/versions/v13/software/S0114/"> BOOTRASH </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BoxCaon-BoxCaon"> <a href="/versions/v13/software/S0651/"> BoxCaon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BrainTest-BrainTest"> <a href="/versions/v13/software/S0293/"> BrainTest </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Brave Prince-Brave Prince"> <a href="/versions/v13/software/S0252/"> Brave Prince </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Bread-Bread"> <a href="/versions/v13/software/S0432/"> Bread </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Briba-Briba"> <a href="/versions/v13/software/S0204/"> Briba </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Brute Ratel C4-Brute Ratel C4"> <a href="/versions/v13/software/S1063/"> Brute Ratel C4 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BS2005-BS2005"> <a href="/versions/v13/software/S0014/"> BS2005 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BUBBLEWRAP-BUBBLEWRAP"> <a href="/versions/v13/software/S0043/"> BUBBLEWRAP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="build_downer-build_downer"> <a href="/versions/v13/software/S0471/"> build_downer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Bumblebee-Bumblebee"> <a href="/versions/v13/software/S1039/"> Bumblebee </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Bundlore-Bundlore"> <a href="/versions/v13/software/S0482/"> Bundlore </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="BusyGasper-BusyGasper"> <a href="/versions/v13/software/S0655/"> BusyGasper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Cachedump-Cachedump"> <a 
href="/versions/v13/software/S0119/"> Cachedump </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CaddyWiper-CaddyWiper"> <a href="/versions/v13/software/S0693/"> CaddyWiper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Cadelspy-Cadelspy"> <a href="/versions/v13/software/S0454/"> Cadelspy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CALENDAR-CALENDAR"> <a href="/versions/v13/software/S0025/"> CALENDAR </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Calisto-Calisto"> <a href="/versions/v13/software/S0274/"> Calisto </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CallMe-CallMe"> <a href="/versions/v13/software/S0077/"> CallMe </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Cannon-Cannon"> <a href="/versions/v13/software/S0351/"> Cannon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Carbanak-Carbanak"> <a href="/versions/v13/software/S0030/"> Carbanak </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Carberp-Carberp"> <a href="/versions/v13/software/S0484/"> Carberp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Carbon-Carbon"> <a href="/versions/v13/software/S0335/"> Carbon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CarbonSteal-CarbonSteal"> <a href="/versions/v13/software/S0529/"> CarbonSteal </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Cardinal RAT-Cardinal RAT"> <a href="/versions/v13/software/S0348/"> Cardinal RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CARROTBALL-CARROTBALL"> <a href="/versions/v13/software/S0465/"> CARROTBALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CARROTBAT-CARROTBAT"> <a href="/versions/v13/software/S0462/"> CARROTBAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Catchamas-Catchamas"> 
<a href="/versions/v13/software/S0261/"> Catchamas </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Caterpillar WebShell-Caterpillar WebShell"> <a href="/versions/v13/software/S0572/"> Caterpillar WebShell </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CCBkdr-CCBkdr"> <a href="/versions/v13/software/S0222/"> CCBkdr </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ccf32-ccf32"> <a href="/versions/v13/software/S1043/"> ccf32 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Cerberus-Cerberus"> <a href="/versions/v13/software/S0480/"> Cerberus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="certutil-certutil"> <a href="/versions/v13/software/S0160/"> certutil </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Chaes-Chaes"> <a href="/versions/v13/software/S0631/"> Chaes </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Chaos-Chaos"> <a href="/versions/v13/software/S0220/"> Chaos </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Charger-Charger"> <a href="/versions/v13/software/S0323/"> Charger </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CharmPower-CharmPower"> <a href="/versions/v13/software/S0674/"> CharmPower </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ChChes-ChChes"> <a href="/versions/v13/software/S0144/"> ChChes </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CHEMISTGAMES-CHEMISTGAMES"> <a href="/versions/v13/software/S0555/"> CHEMISTGAMES </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Cherry Picker-Cherry Picker"> <a href="/versions/v13/software/S0107/"> Cherry Picker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="China Chopper-China Chopper"> <a href="/versions/v13/software/S0020/"> China Chopper </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head " id="Chinoxy-Chinoxy"> <a href="/versions/v13/software/S1041/"> Chinoxy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CHOPSTICK-CHOPSTICK"> <a href="/versions/v13/software/S0023/"> CHOPSTICK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Chrommme-Chrommme"> <a href="/versions/v13/software/S0667/"> Chrommme </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Circles-Circles"> <a href="/versions/v13/software/S0602/"> Circles </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Clambling-Clambling"> <a href="/versions/v13/software/S0660/"> Clambling </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Clop-Clop"> <a href="/versions/v13/software/S0611/"> Clop </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CloudDuke-CloudDuke"> <a href="/versions/v13/software/S0054/"> CloudDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="cmd-cmd"> <a href="/versions/v13/software/S0106/"> cmd </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Cobalt Strike-Cobalt Strike"> <a href="/versions/v13/software/S0154/"> Cobalt Strike </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Cobian RAT-Cobian RAT"> <a href="/versions/v13/software/S0338/"> Cobian RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CoinTicker-CoinTicker"> <a href="/versions/v13/software/S0369/"> CoinTicker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Comnie-Comnie"> <a href="/versions/v13/software/S0244/"> Comnie </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ComRAT-ComRAT"> <a href="/versions/v13/software/S0126/"> ComRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Concipit1248-Concipit1248"> <a href="/versions/v13/software/S0426/"> Concipit1248 </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head " id="Conficker-Conficker"> <a href="/versions/v13/software/S0608/"> Conficker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ConnectWise-ConnectWise"> <a href="/versions/v13/software/S0591/"> ConnectWise </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Conti-Conti"> <a href="/versions/v13/software/S0575/"> Conti </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CookieMiner-CookieMiner"> <a href="/versions/v13/software/S0492/"> CookieMiner </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CORALDECK-CORALDECK"> <a href="/versions/v13/software/S0212/"> CORALDECK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CORESHELL-CORESHELL"> <a href="/versions/v13/software/S0137/"> CORESHELL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Corona Updates-Corona Updates"> <a href="/versions/v13/software/S0425/"> Corona Updates </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CosmicDuke-CosmicDuke"> <a href="/versions/v13/software/S0050/"> CosmicDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CostaBricks-CostaBricks"> <a href="/versions/v13/software/S0614/"> CostaBricks </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CozyCar-CozyCar"> <a href="/versions/v13/software/S0046/"> CozyCar </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CrackMapExec-CrackMapExec"> <a href="/versions/v13/software/S0488/"> CrackMapExec </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CreepyDrive-CreepyDrive"> <a href="/versions/v13/software/S1023/"> CreepyDrive </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CreepySnail-CreepySnail"> <a href="/versions/v13/software/S1024/"> CreepySnail </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Crimson-Crimson"> <a 
href="/versions/v13/software/S0115/"> Crimson </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CrossRAT-CrossRAT"> <a href="/versions/v13/software/S0235/"> CrossRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Crutch-Crutch"> <a href="/versions/v13/software/S0538/"> Crutch </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Cryptoistic-Cryptoistic"> <a href="/versions/v13/software/S0498/"> Cryptoistic </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="CSPY Downloader-CSPY Downloader"> <a href="/versions/v13/software/S0527/"> CSPY Downloader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Cuba-Cuba"> <a href="/versions/v13/software/S0625/"> Cuba </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Cyclops Blink-Cyclops Blink"> <a href="/versions/v13/software/S0687/"> Cyclops Blink </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Dacls-Dacls"> <a href="/versions/v13/software/S0497/"> Dacls </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="DanBot-DanBot"> <a href="/versions/v13/software/S1014/"> DanBot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="DarkComet-DarkComet"> <a href="/versions/v13/software/S0334/"> DarkComet </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="DarkTortilla-DarkTortilla"> <a href="/versions/v13/software/S1066/"> DarkTortilla </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="DarkWatchman-DarkWatchman"> <a href="/versions/v13/software/S0673/"> DarkWatchman </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Daserf-Daserf"> <a href="/versions/v13/software/S0187/"> Daserf </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="DCSrv-DCSrv"> <a href="/versions/v13/software/S1033/"> DCSrv </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " 
id="DDKONG-DDKONG"> <a href="/versions/v13/software/S0255/"> DDKONG </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="DEADEYE-DEADEYE"> <a href="/versions/v13/software/S1052/"> DEADEYE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="DealersChoice-DealersChoice"> <a href="/versions/v13/software/S0243/"> DealersChoice </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="DEATHRANSOM-DEATHRANSOM"> <a href="/versions/v13/software/S0616/"> DEATHRANSOM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="DEFENSOR ID-DEFENSOR ID"> <a href="/versions/v13/software/S0479/"> DEFENSOR ID </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Dendroid-Dendroid"> <a href="/versions/v13/software/S0301/"> Dendroid </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Denis-Denis"> <a href="/versions/v13/software/S0354/"> Denis </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Derusbi-Derusbi"> <a href="/versions/v13/software/S0021/"> Derusbi </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Desert Scorpion-Desert Scorpion"> <a href="/versions/v13/software/S0505/"> Desert Scorpion </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Diavol-Diavol"> <a href="/versions/v13/software/S0659/"> Diavol </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Dipsind-Dipsind"> <a href="/versions/v13/software/S0200/"> Dipsind </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="DnsSystem-DnsSystem"> <a href="/versions/v13/software/S1021/"> DnsSystem </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="DOGCALL-DOGCALL"> <a href="/versions/v13/software/S0213/"> DOGCALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Dok-Dok"> <a href="/versions/v13/software/S0281/"> Dok </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " 
id="Doki-Doki"> <a href="/versions/v13/software/S0600/"> Doki </a> </div> </div> <div class="sidenav"> <div class="sidenav-head active " id="InvisiMole-InvisiMole"> <a href="/versions/v13/software/S0260/"> InvisiMole </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="OLDBAIT-OLDBAIT"> <a href="/versions/v13/software/S0138/"> OLDBAIT </a>
</div> </div> <div class="sidenav"> <div class="sidenav-head " id="OldBoot-OldBoot"> <a href="/versions/v13/software/S0285/"> OldBoot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Olympic Destroyer-Olympic Destroyer"> <a href="/versions/v13/software/S0365/"> Olympic Destroyer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="OnionDuke-OnionDuke"> <a href="/versions/v13/software/S0052/"> OnionDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="OopsIE-OopsIE"> <a href="/versions/v13/software/S0264/"> OopsIE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Orz-Orz"> <a href="/versions/v13/software/S0229/"> Orz </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="OSInfo-OSInfo"> <a href="/versions/v13/software/S0165/"> OSInfo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="OSX/Shlayer-OSX/Shlayer"> <a href="/versions/v13/software/S0402/"> OSX/Shlayer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="OSX_OCEANLOTUS.D-OSX_OCEANLOTUS.D"> <a href="/versions/v13/software/S0352/"> OSX_OCEANLOTUS.D </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Out1-Out1"> <a href="/versions/v13/software/S0594/"> Out1 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="OutSteel-OutSteel"> <a href="/versions/v13/software/S1017/"> OutSteel </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="OwaAuth-OwaAuth"> <a href="/versions/v13/software/S0072/"> OwaAuth </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="P.A.S. Webshell-P.A.S. Webshell"> <a href="/versions/v13/software/S0598/"> P.A.S. 
Webshell </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="P2P ZeuS-P2P ZeuS"> <a href="/versions/v13/software/S0016/"> P2P ZeuS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="P8RAT-P8RAT"> <a href="/versions/v13/software/S0626/"> P8RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Pallas-Pallas"> <a href="/versions/v13/software/S0399/"> Pallas </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Pandora-Pandora"> <a href="/versions/v13/software/S0664/"> Pandora </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Pasam-Pasam"> <a href="/versions/v13/software/S0208/"> Pasam </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Pass-The-Hash Toolkit-Pass-The-Hash Toolkit"> <a href="/versions/v13/software/S0122/"> Pass-The-Hash Toolkit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Pay2Key-Pay2Key"> <a href="/versions/v13/software/S0556/"> Pay2Key </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PcShare-PcShare"> <a href="/versions/v13/software/S1050/"> PcShare </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Pegasus for Android-Pegasus for Android"> <a href="/versions/v13/software/S0316/"> Pegasus for Android </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Pegasus for iOS-Pegasus for iOS"> <a href="/versions/v13/software/S0289/"> Pegasus for iOS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Peirates-Peirates"> <a href="/versions/v13/software/S0683/"> Peirates </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Penquin-Penquin"> <a href="/versions/v13/software/S0587/"> Penquin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Peppy-Peppy"> <a href="/versions/v13/software/S0643/"> Peppy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PHOREAL-PHOREAL"> <a 
href="/versions/v13/software/S0158/"> PHOREAL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Pillowmint-Pillowmint"> <a href="/versions/v13/software/S0517/"> Pillowmint </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PinchDuke-PinchDuke"> <a href="/versions/v13/software/S0048/"> PinchDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Ping-Ping"> <a href="/versions/v13/software/S0097/"> Ping </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PingPull-PingPull"> <a href="/versions/v13/software/S1031/"> PingPull </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PipeMon-PipeMon"> <a href="/versions/v13/software/S0501/"> PipeMon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Pisloader-Pisloader"> <a href="/versions/v13/software/S0124/"> Pisloader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PJApps-PJApps"> <a href="/versions/v13/software/S0291/"> PJApps </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PLAINTEE-PLAINTEE"> <a href="/versions/v13/software/S0254/"> PLAINTEE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PLC-Blaster-PLC-Blaster"> <a href="/versions/v13/software/S1006/"> PLC-Blaster </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PLEAD-PLEAD"> <a href="/versions/v13/software/S0435/"> PLEAD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PlugX-PlugX"> <a href="/versions/v13/software/S0013/"> PlugX </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="pngdowner-pngdowner"> <a href="/versions/v13/software/S0067/"> pngdowner </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PoetRAT-PoetRAT"> <a href="/versions/v13/software/S0428/"> PoetRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PoisonIvy-PoisonIvy"> <a 
href="/versions/v13/software/S0012/"> PoisonIvy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PolyglotDuke-PolyglotDuke"> <a href="/versions/v13/software/S0518/"> PolyglotDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Pony-Pony"> <a href="/versions/v13/software/S0453/"> Pony </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="POORAIM-POORAIM"> <a href="/versions/v13/software/S0216/"> POORAIM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PoshC2-PoshC2"> <a href="/versions/v13/software/S0378/"> PoshC2 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="POSHSPY-POSHSPY"> <a href="/versions/v13/software/S0150/"> POSHSPY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Power Loader-Power Loader"> <a href="/versions/v13/software/S0177/"> Power Loader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PowerDuke-PowerDuke"> <a href="/versions/v13/software/S0139/"> PowerDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PowerLess-PowerLess"> <a href="/versions/v13/software/S1012/"> PowerLess </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PowerPunch-PowerPunch"> <a href="/versions/v13/software/S0685/"> PowerPunch </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PowerShower-PowerShower"> <a href="/versions/v13/software/S0441/"> PowerShower </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="POWERSOURCE-POWERSOURCE"> <a href="/versions/v13/software/S0145/"> POWERSOURCE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PowerSploit-PowerSploit"> <a href="/versions/v13/software/S0194/"> PowerSploit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PowerStallion-PowerStallion"> <a href="/versions/v13/software/S0393/"> PowerStallion </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head " id="POWERSTATS-POWERSTATS"> <a href="/versions/v13/software/S0223/"> POWERSTATS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="POWERTON-POWERTON"> <a href="/versions/v13/software/S0371/"> POWERTON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PowGoop-PowGoop"> <a href="/versions/v13/software/S1046/"> PowGoop </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="POWRUNER-POWRUNER"> <a href="/versions/v13/software/S0184/"> POWRUNER </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Prestige-Prestige"> <a href="/versions/v13/software/S1058/"> Prestige </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Prikormka-Prikormka"> <a href="/versions/v13/software/S0113/"> Prikormka </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ProLock-ProLock"> <a href="/versions/v13/software/S0654/"> ProLock </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Proton-Proton"> <a href="/versions/v13/software/S0279/"> Proton </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Proxysvc-Proxysvc"> <a href="/versions/v13/software/S0238/"> Proxysvc </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PS1-PS1"> <a href="/versions/v13/software/S0613/"> PS1 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PsExec-PsExec"> <a href="/versions/v13/software/S0029/"> PsExec </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Psylo-Psylo"> <a href="/versions/v13/software/S0078/"> Psylo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Pteranodon-Pteranodon"> <a href="/versions/v13/software/S0147/"> Pteranodon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PUNCHBUGGY-PUNCHBUGGY"> <a href="/versions/v13/software/S0196/"> PUNCHBUGGY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " 
id="PUNCHTRACK-PUNCHTRACK"> <a href="/versions/v13/software/S0197/"> PUNCHTRACK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Pupy-Pupy"> <a href="/versions/v13/software/S0192/"> Pupy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="pwdump-pwdump"> <a href="/versions/v13/software/S0006/"> pwdump </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="PyDCrypt-PyDCrypt"> <a href="/versions/v13/software/S1032/"> PyDCrypt </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Pysa-Pysa"> <a href="/versions/v13/software/S0583/"> Pysa </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="QakBot-QakBot"> <a href="/versions/v13/software/S0650/"> QakBot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="QUADAGENT-QUADAGENT"> <a href="/versions/v13/software/S0269/"> QUADAGENT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="QuasarRAT-QuasarRAT"> <a href="/versions/v13/software/S0262/"> QuasarRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="QuietSieve-QuietSieve"> <a href="/versions/v13/software/S0686/"> QuietSieve </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Ragnar Locker-Ragnar Locker"> <a href="/versions/v13/software/S0481/"> Ragnar Locker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Raindrop-Raindrop"> <a href="/versions/v13/software/S0565/"> Raindrop </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RainyDay-RainyDay"> <a href="/versions/v13/software/S0629/"> RainyDay </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Ramsay-Ramsay"> <a href="/versions/v13/software/S0458/"> Ramsay </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RARSTONE-RARSTONE"> <a href="/versions/v13/software/S0055/"> RARSTONE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " 
id="RATANKBA-RATANKBA"> <a href="/versions/v13/software/S0241/"> RATANKBA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RawDisk-RawDisk"> <a href="/versions/v13/software/S0364/"> RawDisk </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RawPOS-RawPOS"> <a href="/versions/v13/software/S0169/"> RawPOS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Rclone-Rclone"> <a href="/versions/v13/software/S1040/"> Rclone </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RCSAndroid-RCSAndroid"> <a href="/versions/v13/software/S0295/"> RCSAndroid </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RCSession-RCSession"> <a href="/versions/v13/software/S0662/"> RCSession </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RDAT-RDAT"> <a href="/versions/v13/software/S0495/"> RDAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RDFSNIFFER-RDFSNIFFER"> <a href="/versions/v13/software/S0416/"> RDFSNIFFER </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Reaver-Reaver"> <a href="/versions/v13/software/S0172/"> Reaver </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Red Alert 2.0-Red Alert 2.0"> <a href="/versions/v13/software/S0539/"> Red Alert 2.0 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RedDrop-RedDrop"> <a href="/versions/v13/software/S0326/"> RedDrop </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RedLeaves-RedLeaves"> <a href="/versions/v13/software/S0153/"> RedLeaves </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Reg-Reg"> <a href="/versions/v13/software/S0075/"> Reg </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RegDuke-RegDuke"> <a href="/versions/v13/software/S0511/"> RegDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Regin-Regin"> <a 
href="/versions/v13/software/S0019/"> Regin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Remcos-Remcos"> <a href="/versions/v13/software/S0332/"> Remcos </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Remexi-Remexi"> <a href="/versions/v13/software/S0375/"> Remexi </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RemoteCMD-RemoteCMD"> <a href="/versions/v13/software/S0166/"> RemoteCMD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RemoteUtilities-RemoteUtilities"> <a href="/versions/v13/software/S0592/"> RemoteUtilities </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Remsec-Remsec"> <a href="/versions/v13/software/S0125/"> Remsec </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Responder-Responder"> <a href="/versions/v13/software/S0174/"> Responder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Revenge RAT-Revenge RAT"> <a href="/versions/v13/software/S0379/"> Revenge RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="REvil-REvil"> <a href="/versions/v13/software/S0496/"> REvil </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RGDoor-RGDoor"> <a href="/versions/v13/software/S0258/"> RGDoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Rifdoor-Rifdoor"> <a href="/versions/v13/software/S0433/"> Rifdoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Riltok-Riltok"> <a href="/versions/v13/software/S0403/"> Riltok </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RIPTIDE-RIPTIDE"> <a href="/versions/v13/software/S0003/"> RIPTIDE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Rising Sun-Rising Sun"> <a href="/versions/v13/software/S0448/"> Rising Sun </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ROADTools-ROADTools"> <a 
href="/versions/v13/software/S0684/"> ROADTools </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RobbinHood-RobbinHood"> <a href="/versions/v13/software/S0400/"> RobbinHood </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ROCKBOOT-ROCKBOOT"> <a href="/versions/v13/software/S0112/"> ROCKBOOT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RogueRobin-RogueRobin"> <a href="/versions/v13/software/S0270/"> RogueRobin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ROKRAT-ROKRAT"> <a href="/versions/v13/software/S0240/"> ROKRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Rotexy-Rotexy"> <a href="/versions/v13/software/S0411/"> Rotexy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="route-route"> <a href="/versions/v13/software/S0103/"> route </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Rover-Rover"> <a href="/versions/v13/software/S0090/"> Rover </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Royal-Royal"> <a href="/versions/v13/software/S1073/"> Royal </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RTM-RTM"> <a href="/versions/v13/software/S0148/"> RTM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Rubeus-Rubeus"> <a href="/versions/v13/software/S1071/"> Rubeus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Ruler-Ruler"> <a href="/versions/v13/software/S0358/"> Ruler </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RuMMS-RuMMS"> <a href="/versions/v13/software/S0313/"> RuMMS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="RunningRAT-RunningRAT"> <a href="/versions/v13/software/S0253/"> RunningRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Ryuk-Ryuk"> <a href="/versions/v13/software/S0446/"> Ryuk </a> </div> </div> <div 
class="sidenav"> <div class="sidenav-head " id="S-Type-S-Type"> <a href="/versions/v13/software/S0085/"> S-Type </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="S.O.V.A.-S.O.V.A."> <a href="/versions/v13/software/S1062/"> S.O.V.A. </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Saint Bot-Saint Bot"> <a href="/versions/v13/software/S1018/"> Saint Bot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Sakula-Sakula"> <a href="/versions/v13/software/S0074/"> Sakula </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SamSam-SamSam"> <a href="/versions/v13/software/S0370/"> SamSam </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="schtasks-schtasks"> <a href="/versions/v13/software/S0111/"> schtasks </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SDBbot-SDBbot"> <a href="/versions/v13/software/S0461/"> SDBbot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SDelete-SDelete"> <a href="/versions/v13/software/S0195/"> SDelete </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SeaDuke-SeaDuke"> <a href="/versions/v13/software/S0053/"> SeaDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Seasalt-Seasalt"> <a href="/versions/v13/software/S0345/"> Seasalt </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SEASHARPEE-SEASHARPEE"> <a href="/versions/v13/software/S0185/"> SEASHARPEE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ServHelper-ServHelper"> <a href="/versions/v13/software/S0382/"> ServHelper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Seth-Locker-Seth-Locker"> <a href="/versions/v13/software/S0639/"> Seth-Locker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ShadowPad-ShadowPad"> <a href="/versions/v13/software/S0596/"> ShadowPad </a> </div> </div> <div class="sidenav"> 
<div class="sidenav-head " id="Shamoon-Shamoon"> <a href="/versions/v13/software/S0140/"> Shamoon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Shark-Shark"> <a href="/versions/v13/software/S1019/"> Shark </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SharkBot-SharkBot"> <a href="/versions/v13/software/S1055/"> SharkBot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SharpStage-SharpStage"> <a href="/versions/v13/software/S0546/"> SharpStage </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SHARPSTATS-SHARPSTATS"> <a href="/versions/v13/software/S0450/"> SHARPSTATS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ShiftyBug-ShiftyBug"> <a href="/versions/v13/software/S0294/"> ShiftyBug </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ShimRat-ShimRat"> <a href="/versions/v13/software/S0444/"> ShimRat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="ShimRatReporter-ShimRatReporter"> <a href="/versions/v13/software/S0445/"> ShimRatReporter </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SHIPSHAPE-SHIPSHAPE"> <a href="/versions/v13/software/S0028/"> SHIPSHAPE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SHOTPUT-SHOTPUT"> <a href="/versions/v13/software/S0063/"> SHOTPUT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SHUTTERSPEED-SHUTTERSPEED"> <a href="/versions/v13/software/S0217/"> SHUTTERSPEED </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Sibot-Sibot"> <a href="/versions/v13/software/S0589/"> Sibot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SideTwist-SideTwist"> <a href="/versions/v13/software/S0610/"> SideTwist </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SILENTTRINITY-SILENTTRINITY"> <a href="/versions/v13/software/S0692/"> SILENTTRINITY </a> 
</div> </div> <div class="sidenav"> <div class="sidenav-head " id="SilkBean-SilkBean"> <a href="/versions/v13/software/S0549/"> SilkBean </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Siloscape-Siloscape"> <a href="/versions/v13/software/S0623/"> Siloscape </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SimBad-SimBad"> <a href="/versions/v13/software/S0419/"> SimBad </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Skeleton Key-Skeleton Key"> <a href="/versions/v13/software/S0007/"> Skeleton Key </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Skidmap-Skidmap"> <a href="/versions/v13/software/S0468/"> Skidmap </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Skygofree-Skygofree"> <a href="/versions/v13/software/S0327/"> Skygofree </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Sliver-Sliver"> <a href="/versions/v13/software/S0633/"> Sliver </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SLOTHFULMEDIA-SLOTHFULMEDIA"> <a href="/versions/v13/software/S0533/"> SLOTHFULMEDIA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SLOWDRIFT-SLOWDRIFT"> <a href="/versions/v13/software/S0218/"> SLOWDRIFT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Small Sieve-Small Sieve"> <a href="/versions/v13/software/S1035/"> Small Sieve </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Smoke Loader-Smoke Loader"> <a href="/versions/v13/software/S0226/"> Smoke Loader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SMOKEDHAM-SMOKEDHAM"> <a href="/versions/v13/software/S0649/"> SMOKEDHAM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SNUGRIDE-SNUGRIDE"> <a href="/versions/v13/software/S0159/"> SNUGRIDE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Socksbot-Socksbot"> <a 
href="/versions/v13/software/S0273/"> Socksbot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SodaMaster-SodaMaster"> <a href="/versions/v13/software/S0627/"> SodaMaster </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SombRAT-SombRAT"> <a href="/versions/v13/software/S0615/"> SombRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SoreFang-SoreFang"> <a href="/versions/v13/software/S0516/"> SoreFang </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SOUNDBITE-SOUNDBITE"> <a href="/versions/v13/software/S0157/"> SOUNDBITE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SPACESHIP-SPACESHIP"> <a href="/versions/v13/software/S0035/"> SPACESHIP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Spark-Spark"> <a href="/versions/v13/software/S0543/"> Spark </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SpeakUp-SpeakUp"> <a href="/versions/v13/software/S0374/"> SpeakUp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SpicyOmelette-SpicyOmelette"> <a href="/versions/v13/software/S0646/"> SpicyOmelette </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="spwebmember-spwebmember"> <a href="/versions/v13/software/S0227/"> spwebmember </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SpyDealer-SpyDealer"> <a href="/versions/v13/software/S0324/"> SpyDealer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SpyNote RAT-SpyNote RAT"> <a href="/versions/v13/software/S0305/"> SpyNote RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="sqlmap-sqlmap"> <a href="/versions/v13/software/S0225/"> sqlmap </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SQLRat-SQLRat"> <a href="/versions/v13/software/S0390/"> SQLRat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " 
id="Squirrelwaffle-Squirrelwaffle"> <a href="/versions/v13/software/S1030/"> Squirrelwaffle </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SslMM-SslMM"> <a href="/versions/v13/software/S0058/"> SslMM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Starloader-Starloader"> <a href="/versions/v13/software/S0188/"> Starloader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="STARWHALE-STARWHALE"> <a href="/versions/v13/software/S1037/"> STARWHALE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Stealth Mango-Stealth Mango"> <a href="/versions/v13/software/S0328/"> Stealth Mango </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="StoneDrill-StoneDrill"> <a href="/versions/v13/software/S0380/"> StoneDrill </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="StreamEx-StreamEx"> <a href="/versions/v13/software/S0142/"> StreamEx </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="StrifeWater-StrifeWater"> <a href="/versions/v13/software/S1034/"> StrifeWater </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="StrongPity-StrongPity"> <a href="/versions/v13/software/S0491/"> StrongPity </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Stuxnet-Stuxnet"> <a href="/versions/v13/software/S0603/"> Stuxnet </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SUGARDUMP-SUGARDUMP"> <a href="/versions/v13/software/S1042/"> SUGARDUMP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SUGARUSH-SUGARUSH"> <a href="/versions/v13/software/S1049/"> SUGARUSH </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SUNBURST-SUNBURST"> <a href="/versions/v13/software/S0559/"> SUNBURST </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="SUNSPOT-SUNSPOT"> <a href="/versions/v13/software/S0562/"> SUNSPOT </a> </div> </div> <div 
class="sidenav"> <div class="sidenav-head " id="SUPERNOVA-SUPERNOVA"> <a href="/versions/v13/software/S0578/"> SUPERNOVA </a> </div> </div> </div> </div> </div> </div> <!--start-indexing-for-search--> </div> <div class="tab-content col-xl-9 col-lg-9 col-md-8 pt-4" id="v-tabContent"> <div class="tab-pane fade show active" id="v-attckmatrix" role="tabpanel" aria-labelledby="v-attckmatrix-tab"> <div class="tab-pane fade show active" id="v-" role="tabpanel" aria-labelledby="v--tab"></div> <div class="row"> <div class="col-xl-12"> <div class="jumbotron jumbotron-fluid"> <div class="container-fluid"> <h1> InvisiMole </h1> <div class="row"> <div class="col-md-8"> <div class="description-body"> <p><a href="/versions/v13/software/S0260">InvisiMole</a> is a modular spyware program that has been used by the InvisiMole Group since at least 2013. <a href="/versions/v13/software/S0260">InvisiMole</a> has two backdoor modules called RC2FM and RC2CL that are used to perform post-exploitation activities. It has been discovered on compromised victims in the Ukraine and Russia.
<a href="/versions/v13/groups/G0047">Gamaredon Group</a> infrastructure has been used to download and execute <a href="/versions/v13/software/S0260">InvisiMole</a> against a small number of victims.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </div> </div> <div class="col-md-4"> <div class="card"> <div class="card-body"> <div id="card-id" class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">ID: </span>S0260 </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"> <span data-toggle="tooltip" data-placement="left" title="" data-test-ignore="true" data-original-title="This software is commercial, custom closed source, or open source software intended to be used for malicious purposes by adversaries">ⓘ</span> </div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Type</span>: MALWARE </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"> <span data-toggle="tooltip" data-placement="left" title="" data-test-ignore="true" data-original-title="The system an adversary is operating within; could be an operating system or application">ⓘ</span> </div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Platforms</span>: Windows </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 
card-title">Contributors</span>: ESET </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Version</span>: 2.1 </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Created: </span>17 October 2018 </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Last Modified: </span>29 November 2021 </div> </div> </div> </div> </div> </div> <!--stop-indexing-for-search--> <!--start-indexing-for-search--> <h2 class="pt-3 mb-2" id="techniques">Techniques Used</h2> <table class="table techniques-used background table-bordered"> <thead> <tr> <th class="p-2" scope="col">Domain</th> <th class="p-2" colspan="2">ID</th> <th class="p-2" scope="col">Name</th> <th class="p-2" scope="col">Use</th> </tr> </thead> <tbody> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1548">T1548</a> </td> <td> <a href="/versions/v13/techniques/T1548/002">.002</a> </td> <td> <a href="/versions/v13/techniques/T1548">Abuse Elevation Control Mechanism</a>: <a href="/versions/v13/techniques/T1548/002">Bypass User Account Control</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can use fileless UAC bypass and create an elevated COM object to escalate privileges.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub
technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1087">T1087</a> </td> <td> <a href="/versions/v13/techniques/T1087/001">.001</a> </td> <td> <a href="/versions/v13/techniques/T1087">Account Discovery</a>: <a href="/versions/v13/techniques/T1087/001">Local Account</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has a command to list account information on the victim’s machine.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1071">T1071</a> </td> <td> <a href="/versions/v13/techniques/T1071/001">.001</a> </td> <td> <a href="/versions/v13/techniques/T1071">Application Layer Protocol</a>: <a href="/versions/v13/techniques/T1071/001">Web Protocols</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> uses HTTP for C2 communications.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique enterprise" id="enterprise"> <td></td> <td></td> <td> <a href="/versions/v13/techniques/T1071/004">.004</a> </td> <td> <a href="/versions/v13/techniques/T1071">Application Layer Protocol</a>: <a href="/versions/v13/techniques/T1071/004">DNS</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has used a custom implementation of DNS tunneling to embed C2 communications in DNS requests and
replies.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1010">T1010</a> </td> <td> <a href="/versions/v13/techniques/T1010">Application Window Discovery</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can enumerate windows and child windows on a compromised host.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1560">T1560</a> </td> <td> <a href="/versions/v13/techniques/T1560/001">.001</a> </td> <td> <a href="/versions/v13/techniques/T1560">Archive Collected Data</a>: <a href="/versions/v13/techniques/T1560/001">Archive via Utility</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> uses WinRAR to compress data that is intended to be exfiltrated.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a 
href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique enterprise" id="enterprise"> <td></td> <td></td> <td> <a href="/versions/v13/techniques/T1560/002">.002</a> </td> <td> <a href="/versions/v13/techniques/T1560">Archive Collected Data</a>: <a href="/versions/v13/techniques/T1560/002">Archive via Library</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can use zlib to compress and decompress data.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique enterprise" id="enterprise"> <td></td> <td></td> <td> <a href="/versions/v13/techniques/T1560/003">.003</a> </td> <td> <a href="/versions/v13/techniques/T1560">Archive Collected Data</a>: <a href="/versions/v13/techniques/T1560/003">Archive via Custom Method</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> uses a variation of the XOR cipher to encrypt files before exfiltration.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> 
<td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1123">T1123</a> </td> <td> <a href="/versions/v13/techniques/T1123">Audio Capture</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can record sound using input audio devices.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1119">T1119</a> </td> <td> <a href="/versions/v13/techniques/T1119">Automated Collection</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can sort and collect specific documents as well as generate a list of all files on a newly inserted drive and store them in an encrypted file.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" 
id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1547">T1547</a> </td> <td> <a href="/versions/v13/techniques/T1547/001">.001</a> </td> <td> <a href="/versions/v13/techniques/T1547">Boot or Logon Autostart Execution</a>: <a href="/versions/v13/techniques/T1547/001">Registry Run Keys / Startup Folder</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can place a lnk file in the Startup Folder to achieve persistence.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique enterprise" id="enterprise"> <td></td> <td></td> <td> <a href="/versions/v13/techniques/T1547/009">.009</a> </td> <td> <a href="/versions/v13/techniques/T1547">Boot or Logon Autostart Execution</a>: <a href="/versions/v13/techniques/T1547/009">Shortcut Modification</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can use a .lnk shortcut for the Control Panel to establish persistence.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1059">T1059</a> </td> <td> <a href="/versions/v13/techniques/T1059/003">.003</a> </td> <td> <a href="/versions/v13/techniques/T1059">Command and Scripting Interpreter</a>: <a href="/versions/v13/techniques/T1059/003">Windows Command Shell</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can launch a remote shell 
to execute commands.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique enterprise" id="enterprise"> <td></td> <td></td> <td> <a href="/versions/v13/techniques/T1059/007">.007</a> </td> <td> <a href="/versions/v13/techniques/T1059">Command and Scripting Interpreter</a>: <a href="/versions/v13/techniques/T1059/007">JavaScript</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can use a JavaScript file as part of its execution chain.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1543">T1543</a> </td> <td> <a href="/versions/v13/techniques/T1543/003">.003</a> </td> <td> <a href="/versions/v13/techniques/T1543">Create or Modify System Process</a>: <a href="/versions/v13/techniques/T1543/003">Windows Service</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can register a Windows service named CsPower as part of its execution chain, and a Windows service named clr_optimization_v2.0.51527_X86 to achieve persistence.<span onclick=scrollToRef('scite-2') 
id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1132">T1132</a> </td> <td> <a href="/versions/v13/techniques/T1132/002">.002</a> </td> <td> <a href="/versions/v13/techniques/T1132">Data Encoding</a>: <a href="/versions/v13/techniques/T1132/002">Non-Standard Encoding</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can use a modified base32 encoding to encode data within the subdomain of C2 requests.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1005">T1005</a> </td> <td> <a href="/versions/v13/techniques/T1005">Data from Local System</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can collect data from the system, and can monitor changes in specified directories.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1025">T1025</a> </td> <td> <a href="/versions/v13/techniques/T1025">Data from 
Removable Media</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can collect jpeg files from connected MTP devices.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1001">T1001</a> </td> <td> <a href="/versions/v13/techniques/T1001/003">.003</a> </td> <td> <a href="/versions/v13/techniques/T1001">Data Obfuscation</a>: <a href="/versions/v13/techniques/T1001/003">Protocol Impersonation</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can mimic HTTP protocol with custom HTTP "verbs" HIDE, ZVVP, and NOP.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1074">T1074</a> </td> <td> <a href="/versions/v13/techniques/T1074/001">.001</a> </td> <td> <a href="/versions/v13/techniques/T1074">Data Staged</a>: <a href="/versions/v13/techniques/T1074/001">Local Data Staging</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> determines a working 
directory where it stores all the gathered data about the compromised machine.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1140">T1140</a> </td> <td> <a href="/versions/v13/techniques/T1140">Deobfuscate/Decode Files or Information</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can decrypt, unpack and load a DLL from its resources, or from blobs encrypted with Data Protection API, two-key triple DES, and variations of the XOR cipher.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1573">T1573</a> </td> <td> <a href="/versions/v13/techniques/T1573/001">.001</a> </td> <td> 
<a href="/versions/v13/techniques/T1573">Encrypted Channel</a>: <a href="/versions/v13/techniques/T1573/001">Symmetric Cryptography</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> uses variations of a simple XOR encryption routine for C&C communications.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1480">T1480</a> </td> <td> <a href="/versions/v13/techniques/T1480/001">.001</a> </td> <td> <a href="/versions/v13/techniques/T1480">Execution Guardrails</a>: <a href="/versions/v13/techniques/T1480/001">Environmental Keying</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can use Data Protection API to encrypt its components on the victim’s computer, to evade detection, and to make sure the payload can only be decrypted and loaded on one specific compromised computer.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1203">T1203</a> </td> <td> <a href="/versions/v13/techniques/T1203">Exploitation for Client Execution</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has installed legitimate but vulnerable Total Video Player software and wdigest.dll library drivers on compromised hosts to exploit stack overflow and input 
validation vulnerabilities for code execution.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1068">T1068</a> </td> <td> <a href="/versions/v13/techniques/T1068">Exploitation for Privilege Escalation</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has exploited CVE-2007-5633 vulnerability in the speedfan.sys driver to obtain kernel mode privileges.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1210">T1210</a> </td> <td> <a href="/versions/v13/techniques/T1210">Exploitation of Remote Services</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can spread within a network via the BlueKeep (CVE-2019-0708) and EternalBlue (CVE-2017-0144) vulnerabilities in RDP and SMB respectively.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1008">T1008</a> </td> <td> <a 
href="/versions/v13/techniques/T1008">Fallback Channels</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has been configured with several servers available for alternate C2 communications.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1083">T1083</a> </td> <td> <a href="/versions/v13/techniques/T1083">File and Directory Discovery</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can list information about files in a directory and recently opened or used documents. 
<a href="/versions/v13/software/S0260">InvisiMole</a> can also search for specific files by supplied file mask.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1564">T1564</a> </td> <td> <a href="/versions/v13/techniques/T1564/001">.001</a> </td> <td> <a href="/versions/v13/techniques/T1564">Hide Artifacts</a>: <a href="/versions/v13/techniques/T1564/001">Hidden Files and Directories</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can create hidden system directories.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique enterprise" id="enterprise"> <td></td> <td></td> <td> <a href="/versions/v13/techniques/T1564/003">.003</a> </td> <td> <a href="/versions/v13/techniques/T1564">Hide Artifacts</a>: <a href="/versions/v13/techniques/T1564/003">Hidden Window</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has executed legitimate tools in hidden windows.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> 
<td> <a href="/versions/v13/techniques/T1574">T1574</a> </td> <td> <a href="/versions/v13/techniques/T1574/001">.001</a> </td> <td> <a href="/versions/v13/techniques/T1574">Hijack Execution Flow</a>: <a href="/versions/v13/techniques/T1574/001">DLL Search Order Hijacking</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can be launched by using DLL search order hijacking in which the wrapper DLL is placed in the same folder as explorer.exe and loaded during startup into the Windows Explorer process instead of the legitimate library.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1562">T1562</a> </td> <td> <a href="/versions/v13/techniques/T1562/004">.004</a> </td> <td> <a href="/versions/v13/techniques/T1562">Impair Defenses</a>: <a href="/versions/v13/techniques/T1562/004">Disable or Modify System Firewall</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has a command to disable routing and the Firewall on the victim’s machine.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1070">T1070</a> </td> <td> <a href="/versions/v13/techniques/T1070/004">.004</a> </td> <td> <a href="/versions/v13/techniques/T1070">Indicator Removal</a>: <a 
href="/versions/v13/techniques/T1070/004">File Deletion</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has deleted files and directories including XML and files successfully uploaded to C2 servers.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique enterprise" id="enterprise"> <td></td> <td></td> <td> <a href="/versions/v13/techniques/T1070/005">.005</a> </td> <td> <a href="/versions/v13/techniques/T1070">Indicator Removal</a>: <a href="/versions/v13/techniques/T1070/005">Network Share Connection Removal</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can disconnect previously connected remote drives.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique enterprise" id="enterprise"> <td></td> <td></td> <td> <a href="/versions/v13/techniques/T1070/006">.006</a> </td> <td> <a href="/versions/v13/techniques/T1070">Indicator Removal</a>: <a href="/versions/v13/techniques/T1070/006">Timestomp</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> samples were timestomped by the authors by setting the PE timestamps to all zero values. 
<a href="/versions/v13/software/S0260">InvisiMole</a> also has a built-in command to modify file times.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1105">T1105</a> </td> <td> <a href="/versions/v13/techniques/T1105">Ingress Tool Transfer</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can upload files to the victim's machine for operations.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1490">T1490</a> </td> <td> <a href="/versions/v13/techniques/T1490">Inhibit System Recovery</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can remove all system restore points.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" 
aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1056">T1056</a> </td> <td> <a href="/versions/v13/techniques/T1056/001">.001</a> </td> <td> <a href="/versions/v13/techniques/T1056">Input Capture</a>: <a href="/versions/v13/techniques/T1056/001">Keylogging</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can capture keystrokes on a compromised host.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1559">T1559</a> </td> <td> <a href="/versions/v13/techniques/T1559/001">.001</a> </td> <td> <a href="/versions/v13/techniques/T1559">Inter-Process Communication</a>: <a href="/versions/v13/techniques/T1559/001">Component Object Model</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can use the <code>ITaskService</code>, <code>ITaskDefinition</code> and <code>ITaskSettings</code> COM interfaces to schedule a task.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1036">T1036</a> </td> <td> <a href="/versions/v13/techniques/T1036/004">.004</a> </td> <td> <a href="/versions/v13/techniques/T1036">Masquerading</a>: <a 
href="/versions/v13/techniques/T1036/004">Masquerade Task or Service</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has attempted to disguise itself by registering under a seemingly legitimate service name.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique enterprise" id="enterprise"> <td></td> <td></td> <td> <a href="/versions/v13/techniques/T1036/005">.005</a> </td> <td> <a href="/versions/v13/techniques/T1036">Masquerading</a>: <a href="/versions/v13/techniques/T1036/005">Match Legitimate Name or Location</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has disguised its droppers as legitimate software or documents, matching their original names and locations, and saved its files as mpr.dll in the Windows folder.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1112">T1112</a> </td> <td> <a href="/versions/v13/techniques/T1112">Modify Registry</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has a command to create, set, 
copy, or delete a specified Registry key or value.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1106">T1106</a> </td> <td> <a href="/versions/v13/techniques/T1106">Native API</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can use winapiexec tool for indirect execution of <code>ShellExecuteW</code> and <code>CreateProcessA</code>.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1046">T1046</a> </td> <td> <a href="/versions/v13/techniques/T1046">Network Service Discovery</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can scan the network for open ports and vulnerable instances of RDP and SMB protocols.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" 
data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1135">T1135</a> </td> <td> <a href="/versions/v13/techniques/T1135">Network Share Discovery</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can gather network share information.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1095">T1095</a> </td> <td> <a href="/versions/v13/techniques/T1095">Non-Application Layer Protocol</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has used TCP to download additional modules.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1027">T1027</a> </td> <td> <a href="/versions/v13/techniques/T1027">Obfuscated Files or Information</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> avoids analysis by encrypting all strings, internal files, configuration data and by using a custom executable format.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a 
href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique enterprise" id="enterprise"> <td></td> <td></td> <td> <a href="/versions/v13/techniques/T1027/005">.005</a> </td> <td> <a href="/versions/v13/techniques/T1027/005">Indicator Removal from Tools</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has undergone regular technical improvements in an attempt to evade detection.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1057">T1057</a> </td> <td> <a href="/versions/v13/techniques/T1057">Process Discovery</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can obtain a list of running processes.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a 
href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1055">T1055</a> </td> <td> <a href="/versions/v13/techniques/T1055">Process Injection</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can inject itself into another process to avoid detection including use of a technique called ListPlanting that customizes the sorting algorithm in a ListView structure.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique enterprise" id="enterprise"> <td></td> <td></td> <td> <a href="/versions/v13/techniques/T1055/002">.002</a> </td> <td> <a href="/versions/v13/techniques/T1055/002">Portable Executable Injection</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can inject its backdoor as a portable executable into a target process.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span> </p> </td> </tr> <tr class="sub technique enterprise" id="enterprise"> <td></td> <td></td> <td> <a href="/versions/v13/techniques/T1055/004">.004</a> </td> <td> <a href="/versions/v13/techniques/T1055/004">Asynchronous Procedure Call</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can inject its code into a trusted process via the APC queue.<span 
onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique enterprise" id="enterprise"> <td></td> <td></td> <td> <a href="/versions/v13/techniques/T1055/015">.015</a> </td> <td> <a href="/versions/v13/techniques/T1055/015">ListPlanting</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has used ListPlanting to inject code into a trusted process.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1090">T1090</a> </td> <td> <a href="/versions/v13/techniques/T1090/001">.001</a> </td> <td> <a href="/versions/v13/techniques/T1090">Proxy</a>: <a href="/versions/v13/techniques/T1090/001">Internal Proxy</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can function as a proxy to create a server that relays communication between the client and C&C server, or between two clients.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique enterprise" id="enterprise"> <td></td> <td></td> <td> <a href="/versions/v13/techniques/T1090/002">.002</a> </td> <td> <a 
href="/versions/v13/techniques/T1090">Proxy</a>: <a href="/versions/v13/techniques/T1090/002">External Proxy</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can identify proxy servers used by the victim and use them for C2 communication.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1012">T1012</a> </td> <td> <a href="/versions/v13/techniques/T1012">Query Registry</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can enumerate Registry values, keys, and data.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1053">T1053</a> </td> <td> <a href="/versions/v13/techniques/T1053/005">.005</a> </td> <td> <a href="/versions/v13/techniques/T1053">Scheduled Task/Job</a>: <a href="/versions/v13/techniques/T1053/005">Scheduled Task</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has used scheduled tasks named 
<code>MSST</code> and <code>\Microsoft\Windows\Autochk\Scheduled</code> to establish persistence.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1113">T1113</a> </td> <td> <a href="/versions/v13/techniques/T1113">Screen Capture</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can capture screenshots of not only the entire screen, but of each separate window open, in case they are overlapping.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1518">T1518</a> </td> <td> <a href="/versions/v13/techniques/T1518">Software Discovery</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can collect information about installed software used by specific users, software executed on user login, and software executed by each system.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a 
href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique enterprise" id="enterprise"> <td></td> <td></td> <td> <a href="/versions/v13/techniques/T1518/001">.001</a> </td> <td> <a href="/versions/v13/techniques/T1518/001">Security Software Discovery</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can check for the presence of network sniffers, AV, and BitDefender firewall.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1218">T1218</a> </td> <td> <a href="/versions/v13/techniques/T1218/002">.002</a> </td> <td> <a href="/versions/v13/techniques/T1218">System Binary Proxy Execution</a>: <a href="/versions/v13/techniques/T1218/002">Control Panel</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can register itself for execution and persistence via the Control Panel.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub 
technique enterprise" id="enterprise"> <td></td> <td></td> <td> <a href="/versions/v13/techniques/T1218/011">.011</a> </td> <td> <a href="/versions/v13/techniques/T1218">System Binary Proxy Execution</a>: <a href="/versions/v13/techniques/T1218/011">Rundll32</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has used rundll32.exe for execution.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1082">T1082</a> </td> <td> <a href="/versions/v13/techniques/T1082">System Information Discovery</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can gather information on the mapped drives, OS version, computer name, DEP policy, memory size, and system volume serial number.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1016">T1016</a> </td> <td> <a href="/versions/v13/techniques/T1016">System Network Configuration Discovery</a> </td> <td> <p><a 
href="/versions/v13/software/S0260">InvisiMole</a> gathers information on the IP forwarding table, MAC address, configured proxy, and network SSID.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1033">T1033</a> </td> <td> <a href="/versions/v13/techniques/T1033">System Owner/User Discovery</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> lists local users and session information.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1007">T1007</a> </td> <td> <a href="/versions/v13/techniques/T1007">System Service Discovery</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can obtain running services on the victim.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" 
data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1569">T1569</a> </td> <td> <a href="/versions/v13/techniques/T1569/002">.002</a> </td> <td> <a href="/versions/v13/techniques/T1569">System Services</a>: <a href="/versions/v13/techniques/T1569/002">Service Execution</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> has used Windows services as a way to execute its malicious payload.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1124">T1124</a> </td> <td> <a href="/versions/v13/techniques/T1124">System Time Discovery</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> gathers the local system time from the victim’s machine.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1080">T1080</a> </td> <td> <a 
href="/versions/v13/techniques/T1080">Taint Shared Content</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can replace legitimate software or documents in the compromised network with their trojanized versions, in an attempt to propagate itself within the network.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1204">T1204</a> </td> <td> <a href="/versions/v13/techniques/T1204/002">.002</a> </td> <td> <a href="/versions/v13/techniques/T1204">User Execution</a>: <a href="/versions/v13/techniques/T1204/002">Malicious File</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can deliver trojanized versions of software and documents, relying on user execution.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique enterprise" id="enterprise"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v13/techniques/T1125">T1125</a> </td> <td> <a href="/versions/v13/techniques/T1125">Video Capture</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can remotely activate the victim’s webcam to capture content.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018"><sup><a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" 
data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent enterprise" id="enterprise"> <td> Enterprise </td> <td> <a href="/versions/v13/techniques/T1497">T1497</a> </td> <td> <a href="/versions/v13/techniques/T1497/001">.001</a> </td> <td> <a href="/versions/v13/techniques/T1497">Virtualization/Sandbox Evasion</a>: <a href="/versions/v13/techniques/T1497/001">System Checks</a> </td> <td> <p><a href="/versions/v13/software/S0260">InvisiMole</a> can check for artifacts of VirtualBox, Virtual PC and VMware environment, and terminate itself if they are detected.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020"><sup><a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> </tbody> </table> <h2 class="pt-3" id="references">References</h2> <div class="row"> <div class="col"> <ol> <li> <span id="scite-1" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-1" href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank"> Hromcová, Z. (2018, June 07). InvisiMole: Surprisingly equipped spyware, undercover since 2013. Retrieved July 10, 2018. 
</a> </span> </span> </li> </ol> </div> <div class="col"> <ol start="2.0"> <li> <span id="scite-2" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-2" href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank"> Hromcova, Z. and Cherpanov, A. (2020, June). INVISIMOLE: THE HIDDEN PART OF THE STORY. Retrieved July 16, 2020. </a> </span> </span> </li> </ol> </div> </div> </div> </div> </div> </div> </div> </div> <!--stop-indexing-for-search--> <!-- search overlay for entire page -- not displayed inline --> <div class="overlay search" id="search-overlay" style="display: none;"> <div class="overlay-inner"> <!-- text input for searching --> <div class="search-header"> <div class="search-input"> <input type="text" id="search-input" placeholder="search"> </div> <div class="search-icons"> <div class="search-parsing-icon spinner-border" style="display: none" id="search-parsing-icon"></div> <div class="close-search-icon" id="close-search-icon">×</div> </div> </div> <!-- results and controls for loading more results --> <div id="search-body" class="search-body"> <div class="results" id="search-results"> <!-- content will be appended here on search --> </div> <div id="load-more-results" class="load-more-results"> <button class="btn btn-default" id="load-more-results-button">load more results</button> </div> </div> </div> </div> </div> <div class="row flex-grow-0 flex-shrink-1"> <!-- footer elements --> <footer class="col footer p-3"> <div class="container-fluid"> <div class="row"> <div class="col-4 col-sm-4 col-md-3"> <div class="footer-center-responsive my-auto"> <a href="https://www.mitre.org" target="_blank" rel="noopener" aria-label="MITRE"> <img src="/versions/v13/theme/images/mitrelogowhiteontrans.gif" class="mitre-logo-wtrans"> </a> </div> </div> <div class="col-2 col-sm-2 footer-responsive-break"></div> <div class="col-6 col-sm-6 text-center"> <p> © 2015-2023, The 
MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. </p> <div class="row"> <div class="col text-right"> <small> <a href="/versions/v13/resources/privacy" class="footer-link">Privacy Policy</a> </small> </div> <div class="col text-center"> <small> <a href="/versions/v13/resources/terms-of-use" class="footer-link">Terms of Use</a> </small> </div> <div class="col text-left "> <small> <a href="/versions/v13/resources/changelog.html" class="footer-link" data-toggle="tooltip" data-placement="top" data-html="true" title="ATT&CK content v13.1
Website v4.0.5">ATT&CK v13.1</a> </small> </div> </div> </div> <div class="w-100 p-2 footer-responsive-break"></div> <div class="col"> <div class="footer-float-right-responsive-brand"> <div class="mb-1"> <a href="https://twitter.com/MITREattack" class="btn btn-primary w-100"> <!-- <i class="fa fa-twitter"></i> --> <img src="/versions/v13/theme/images/twitter.png" class="mr-1 twitter-icon"> <b>@MITREattack</b> </a> </div> <div class=""> <a href="/versions/v13/contact" class="btn btn-primary w-100"> Contact </a> </div> </div> </div> </div> </div> </div> </footer> </div> </div> <!--stopindex--> </div> <!--SCRIPTS--> <script src="/versions/v13/theme/scripts/jquery-3.5.1.min.js"></script> <script src="/versions/v13/theme/scripts/popper.min.js"></script> <script src="/versions/v13/theme/scripts/bootstrap-select.min.js"></script> <script src="/versions/v13/theme/scripts/bootstrap.bundle.min.js"></script> <script src="/versions/v13/theme/scripts/site.js?8814"></script> <script src="/versions/v13/theme/scripts/settings.js?5018"></script> <script src="/versions/v13/theme/scripts/search_bundle.js"></script> <script src="/versions/v13/theme/scripts/resizer.js"></script> <!--SCRIPTS--> <script src="/versions/v13/theme/scripts/navigation.js"></script> <script src="/versions/v13/theme/scripts/bootstrap-tourist.js"></script> <script src="/versions/v13/theme/scripts/settings.js"></script> <script src="/versions/v13/theme/scripts/tour/tour-relationships.js"></script> </body> </html>