ID | E1203 |
Objective(s) | Execution, Impact |
Related ATT&CK Techniques | Exploitation for Client Execution (T1203) |
Impact Type | Breach |
Version | 3.0 |
Created | 1 August 2019 |
Last Modified | 1 March 2023 |

Software is exploited - either because of a vulnerability or through its designed features - to gain access for malware. In general, exploitation may be done by a human attacker, but MBC focuses on software exploits implemented in code. Malware-specific details are below.

See ATT&CK: Exploitation for Client Execution (T1203).

Name | ID | Description |
---|---|---|
File Transfer Protocol (FTP) Servers | E1203.m03 | Malware leverages an FTP server. |
Java-based Web Servers | E1203.m02 | Malware leverages a Java-based web server. |
Red Hat JBoss Enterprise Products | E1203.m04 | Malware leverages JBoss Enterprise products. |
Remote Desktop Protocols | E1203.m01 | RDP is used by malware. |
Sysinternals | E1203.m05 | Sysinternals tools are used for additional command line functionality. |
Windows Utilities | E1203.m06 | One or more Windows utilities are used. |

Name | Date | Method | Description |
---|---|---|---|
SamSam | 2015 | E1203.m01 | Attackers associated with SamSam exploit vulnerabilities in remote desktop protocols (RDP), Java-based web servers, or file transfer protocol (FTP) servers. [1] |

[1] https://blog.malwarebytes.com/cybercrime/2018/05/samsam-ransomware-need-know/