FrameworkPOS and the adequate persistent threat
Tags
attack-pattern: Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Rundll32 - T1218.011 Scheduled Task - T1053.005 Software - T1592.002 Windows Service - T1543.003 Tool - T1588.002 New Service - T1050 Powershell - T1086 Rundll32 - T1085 Scheduled Task - T1053 Service Execution - T1035
Show in Graph
Common Information
Type Value
UUID b9819ab1-016d-46a6-8623-e705dbacadab
Fingerprint 2402d118b13585c3
Analysis status DONE
Considered CTI value 2
Text language
Published June 7, 2022, midnight
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 18, 2024, 1:25 p.m.
Headline FrameworkPOS and the adequate persistent threat
Title FrameworkPOS and the adequate persistent threat
Detected Hints/Tags/Attributes 42/1/11
Source URLs
Redirection Url
Details Source https://redcanary.com/blog/frameworkpos-and-the-adequate-persistent-threat/
URL Provider
Details Provider Source level domain
Details redcanary.com redcanary.com
Attributes
Details Type #Events CTI Value
Details File 307 
services.exe
Details File 2130 
cmd.exe
Details File 1212 
powershell.exe
Details File 1 
installer_8.exe
Details File 1021 
rundll32.exe
Details File 1 
assistant32.dll
Details File 1 
btid.dat
Details File 30 
taskeng.exe
Details MITRE ATT&CK Techniques 39 
T1035
Details MITRE ATT&CK Techniques 36 
T1050
Details Threat Actor Identifier - FIN 73 
FIN6