{
  "description": "Enterprise techniques used by StoneDrill, ATT&CK software S0380 (v1.2)",
  "name": "StoneDrill (S0380)",
  "domain": "enterprise-attack",
  "versions": {"layer": "4.5", "attack": "18", "navigator": "5.2.0"},
  "techniques": [
    {"techniqueID": "T1059", "showSubtechniques": true},
    {"techniqueID": "T1059.005", "comment": "[StoneDrill](https://attack.mitre.org/software/S0380) has several VBS scripts used throughout the malware's lifecycle.(Citation: Kaspersky StoneDrill 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1485", "comment": "[StoneDrill](https://attack.mitre.org/software/S0380) has a disk wiper module that targets files other than those in the Windows directory.(Citation: Kaspersky StoneDrill 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1561", "showSubtechniques": true},
    {"techniqueID": "T1561.001", "comment": "[StoneDrill](https://attack.mitre.org/software/S0380) can wipe the accessible physical or logical drives of the infected machine.(Citation: Symantec Elfin Mar 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1561.002", "comment": "[StoneDrill](https://attack.mitre.org/software/S0380) can wipe the master boot record of an infected computer.(Citation: Symantec Elfin Mar 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1070", "showSubtechniques": true},
    {"techniqueID": "T1070.004", "comment": "[StoneDrill](https://attack.mitre.org/software/S0380) has been observed deleting the temporary files once they fulfill their task.(Citation: Kaspersky StoneDrill 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1105", "comment": "[StoneDrill](https://attack.mitre.org/software/S0380) has downloaded and dropped temporary files containing scripts; it additionally has a function to upload files from the victim's machine.(Citation: Kaspersky StoneDrill 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1027", "showSubtechniques": true},
    {"techniqueID": "T1027.013", "comment": "[StoneDrill](https://attack.mitre.org/software/S0380) has obfuscated its module with an alphabet-based table or XOR encryption.(Citation: Kaspersky StoneDrill 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1055", "comment": "[StoneDrill](https://attack.mitre.org/software/S0380) has relied on injecting its payload directly into the process memory of the victim's preferred browser.(Citation: Kaspersky StoneDrill 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1012", "comment": "[StoneDrill](https://attack.mitre.org/software/S0380) has looked in the registry to find the default browser path.(Citation: Kaspersky StoneDrill 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1113", "comment": "[StoneDrill](https://attack.mitre.org/software/S0380) can take screenshots.(Citation: Kaspersky StoneDrill 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1518", "showSubtechniques": true},
    {"techniqueID": "T1518.001", "comment": "[StoneDrill](https://attack.mitre.org/software/S0380) can check for antivirus and antimalware programs.(Citation: Kaspersky StoneDrill 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1082", "comment": "[StoneDrill](https://attack.mitre.org/software/S0380) has the capability to discover the system OS, Windows version, architecture and environment.(Citation: Kaspersky StoneDrill 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1124", "comment": "[StoneDrill](https://attack.mitre.org/software/S0380) can obtain the current date and time of the victim machine.(Citation: Kaspersky StoneDrill 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1497", "comment": "[StoneDrill](https://attack.mitre.org/software/S0380) has used several anti-emulation techniques to prevent automated analysis by emulators or sandboxes.(Citation: Kaspersky StoneDrill 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1047", "comment": "[StoneDrill](https://attack.mitre.org/software/S0380) has used the WMI command-line (WMIC) utility to run tasks.(Citation: Kaspersky StoneDrill 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}
  ],
  "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1},
  "legendItems": [{"label": "used by StoneDrill", "color": "#66b1ff"}]
}