ID | E1203 |
---|---|
Objective(s) | Execution, Impact |
Related ATT&CK Technique | Exploitation for Client Execution |
Software is exploited, either through a vulnerability or through its designed features, to gain access for malware. Exploitation in general may be carried out by a human attacker, but MBC focuses on software exploits implemented in code. Malware-specific details are below.
See related ATT&CK Technique: Exploitation for Client Execution.
Name | ID | Description |
---|---|---|
File Transfer Protocol (FTP) Servers | E1203.m03 | Malware leverages an FTP server. |
Java-based Web Servers | E1203.m02 | |
Red Hat JBoss Enterprise Products | E1203.m04 | |
Remote Desktop Protocols (RDP) | E1203.m01 | RDP is used by malware. |
Sysinternals | E1203.m05 | Sysinternals tools are used for additional command line functionality. |
Windows Utilities | E1203.m06 | One or more Windows utilities are used. |
Name | Date | Description |
---|---|---|
SamSam | 2015 | Attackers associated with SamSam exploit vulnerabilities in remote desktop protocols (RDP), Java-based web servers, or file transfer protocol (FTP) servers. [1] |
[1] https://blog.malwarebytes.com/cybercrime/2018/05/samsam-ransomware-need-know/