| ID | C0046 |
| Objective(s) | File System |
| Related ATT&CK Techniques | None |
| Version | 2.3 |
| Created | 4 December 2020 |
| Last Modified | 30 April 2024 |
Malware creates a directory.
| Name | Date | Method | Description |
|---|---|---|---|
| Gamut | 2014 | -- | Gamut creates directories. [1] |
| GoBotKR | 2019 | -- | GoBotKR creates directories. [1] |
| GravityRAT | 2018 | -- | GravityRAT creates directories. [1] |
| Hupigon | 2013 | -- | Hupigon creates directories. [1] |
| Kovter | 2016 | -- | Kovter creates directories. [1] |
| Redhip | 2011 | -- | Redhip creates directories. [1] |
| UP007 | 2016 | -- | UP007 creates directories. [1] |
| Tool: capa | Mapping | APIs |
|---|---|---|
| create directory | Create Directory (C0046) | kernel32.CreateDirectory, kernel32.CreateDirectoryEx, kernel32.CreateDirectoryTransacted, NtCreateDirectoryObject, ZwCreateDirectoryObject, SHCreateDirectory, SHCreateDirectoryEx, _mkdir, _wmkdir, System.IO.Directory::CreateDirectory, System.IO.DirectoryInfo::Create, System.IO.DirectoryInfo::CreateSubdirectory |
| Tool: CAPE | Class | Mapping | APIs |
|---|---|---|---|
| arkei_files | ArkeiFiles | Create Directory (C0046) | -- |
File System::Create Directory
SHA256: 27253651170386863b148afb2a0fdda7780ae65cbc31405acbd99fa06b44b79f Location: 0x1400036d4xor param_2, param_2 ; use default security attributes (param_2 is NULL) mov param_1, rbp ; use contents of rbp as directory name call qword ptr [->KERNEL32.DLL::CreateDirectoryA] ; call Windows API to create directory
[1] capa v4.0, analyzed at MITRE on 10/12/2022