ID | B0023 |
Objective(s) | Execution |
Related ATT&CK Technique | None |
Malware installs another, different program on the system. The additional program can be any secondary module; examples include backdoors, malicious drivers, kernel modules, and OS X apps.
Malware that installs another component is called a "dropper." If the code is contained in the malware, it's a "single stage" dropper; "two stage" droppers download the code from a remote location (the associated download behavior is covered by the Remote File Copy behavior).
Name | Date | Description |
---|---|---|
WebCobra | November 2018 | Drops software to mine for cryptocurrency. [1] |
Geneio | August 2015 | Tricks OS X keychain to create application files. |
GotBotKR | July 2019 | GotBotKR reinstalls its running instance if it is removed. [3] |
MazarBot | 2016 | Installs a backdoor. |
Mebromi | 2011 | A Trojan downloader. |
YiSpecter | 2015 | Can download and install arbitrary iOS apps. |
[1] https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/webcobra-malware-uses-victims-computers-to-mine-cryptocurrency/
[2] https://www.fortinet.com/blog/threat-research/deep-analysis-of-driver-based-mitm-malware-itranslator.html
[3] https://www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/