An adversary may use legitimate desktop support and remote access software, such as TeamViewer, AnyDesk, Go2Assist, LogMeIn, AmmyyAdmin, etc., to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and TeamViewer are used frequently when compared with other legitimate software commonly used by adversaries.

Remote access tools may be installed and used post-compromise as an alternate communications channel for redundant access or as a way to establish an interactive remote desktop session with the target system. They may also be used as a component of malware to establish a reverse connection or back-connect to a service or adversary-controlled system.

Admin tools such as TeamViewer have been used by several groups targeting institutions in countries of interest to the Russian state and criminal campaigns. Installation of many remote access tools may also include persistence (e.g., the tool's installation routine creates a Windows Service).

Carbanak has a plugin for VNC and Ammyy Admin Tool.

Carbanak used legitimate programs such as AmmyyAdmin and TeamViewer for remote interactive C2 to target systems.
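Because these tools may be permitted by application control, detection has to rest on where they are approved rather than on whether the binary is known. The following triage sketch is an added example, not part of the original page: it flags execution (Windows event 4688) and service installation (event 7045) of the tool families named above on hosts where they are not approved. The filename fragments, the host allowlist and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: filename fragments commonly seen for the tools the page names.
# Tune these to the builds actually present in your environment.
RAT_PATTERNS = {
    "TeamViewer": ("teamviewer",),
    "AnyDesk": ("anydesk",),
    "AmmyyAdmin": ("ammyy", "aa_v3"),
    "LogMeIn": ("logmein",),
    "VNC": ("vnc",),
}

# Hypothetical allowlist: host -> tools approved by IT for support use.
APPROVED = {"HELPDESK-01": {"TeamViewer"}}

def classify(image_path):
    """Return the tool family for an executable path, or None."""
    name = ntpath.basename(image_path.strip('"')).lower()
    for tool, fragments in RAT_PATTERNS.items():
        if any(fragment in name for fragment in fragments):
            return tool
    return None

def triage(events):
    """Return (host, tool, kind) findings for unapproved remote access tools.
    4688 = process creation, 7045 = new service installed (persistence)."""
    findings = []
    for ev in events:
        tool = classify(ev["image"])
        if tool is None or tool in APPROVED.get(ev["host"], set()):
            continue
        kind = "service-install" if ev["event_id"] == 7045 else "execution"
        findings.append((ev["host"], tool, kind))
    return findings

# Constructed sample events (not real telemetry).
SAMPLE = [
    {"host": "HELPDESK-01", "event_id": 4688, "image": r"C:\Program Files\TeamViewer\TeamViewer.exe"},
    {"host": "FIN-WS-07", "event_id": 4688, "image": r"C:\Users\jdoe\AppData\Local\Temp\AA_v3.exe"},
    {"host": "FIN-WS-07", "event_id": 7045, "image": r"C:\ProgramData\svc\AnyDesk.exe"},
    {"host": "FIN-WS-07", "event_id": 4688, "image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Filename matching is easily defeated by renaming the binary, so treat a hit as a lead to correlate with signer, install path and outbound connections rather than as a verdict.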