Helminth
MITRE
Tipo Malware:
Other
Other
Prima attivita:
Unknown
Unknown
Ultima attivita:
Unknown
Unknown
Dettagli:
[Helminth](https://attack.mitre.org/software/S0170) is a backdoor that has at least two variants - one written in VBScript and PowerShell that is delivered via a macros in Excel spreadsheets, and one that is a standalone Windows executable. (Citation: Palo Alto OilRig May 2016)
Tecniche Associate (21)
| ID | ATT&CK | Tattiche |
|---|---|---|
| T1027.013 | Encrypted/Encoded File | - |
| T1030 | Data Transfer Size Limits | - |
| T1053.005 | Scheduled Task | - |
| T1056.001 | Keylogging | - |
| T1057 | Process Discovery | - |
| T1059.001 | PowerShell | - |
| T1059.003 | Windows Command Shell | - |
| T1059.005 | Visual Basic | - |
| T1069.001 | Local Groups | - |
| T1069.002 | Domain Groups | - |
| T1071.001 | Web Protocols | - |
| T1071.004 | DNS | - |
| T1074.001 | Local Data Staging | - |
| T1105 | Ingress Tool Transfer | - |
| T1115 | Clipboard Data | - |
Usato da Attori (1)
Metadata
| ID: | 652 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |