ID | X0020 |
Aliases | None |
Platforms | Cisco |
Year | 2015 |
Associated ATT&CK Software | None |

A modification of the router's firmware images used to maintain persistence. [1]

Name | Use |
---|---|
Persistence::Component Firmware::Router Firmware (F0009.001) | Modification of the router's firmware image that can be used to maintain persistence within a victim's network [1] |
Defense Evasion::Hijack Execution Flow (F0015) | Hooks IOS functions to call and initialize the malware [1] |

Name | Use |
---|---|
Micro-Objective::Memory::Change Memory Protection (C0008) | Modifies the translation lookaside buffer (TLB) Read/Write attributes [1] |
Micro-Objective::Communication::Socket Communication::Send TCP Data (C0001.014) | To initiate communication with the C2 server, a uniquely crafted TCP SYN packet is sent to port 80 of the "implanted" router [1] |
Defense Evasion::Alternative Installation Location::Fileless Malware (B0027.001) | 100 memory-resident modules can be installed [1] |

SHA256 Hashes

- Unavailable