{"description": "Enterprise techniques used by ZLib, ATT&CK software S0086 (v1.2)", "name": "ZLib (S0086)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1071", "showSubtechniques": true}, {"techniqueID": "T1071.001", "comment": "[ZLib](https://attack.mitre.org/software/S0086) communicates over HTTP for C2.(Citation: Cylance Dust Storm)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1560", "showSubtechniques": true}, {"techniqueID": "T1560.002", "comment": "The [ZLib](https://attack.mitre.org/software/S0086) backdoor compresses communications using the standard Zlib compression library.(Citation: Cylance Dust Storm)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1059", "showSubtechniques": true}, {"techniqueID": "T1059.003", "comment": "[ZLib](https://attack.mitre.org/software/S0086) has the ability to execute shell commands.(Citation: Cylance Dust Storm)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1543", "showSubtechniques": true}, {"techniqueID": "T1543.003", "comment": "[ZLib](https://attack.mitre.org/software/S0086) creates Registry keys to allow itself to run as various services.(Citation: Cylance Dust Storm)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1041", "comment": "[ZLib](https://attack.mitre.org/software/S0086) has sent data and files from a compromised host to its C2 servers.(Citation: Cylance Dust Storm)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1083", "comment": "[ZLib](https://attack.mitre.org/software/S0086) has the ability to enumerate files and drives.(Citation: Cylance Dust Storm)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1105", "comment": "[ZLib](https://attack.mitre.org/software/S0086) has the ability to download files.(Citation: Cylance Dust Storm)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1036", "showSubtechniques": true}, {"techniqueID": "T1036.005", "comment": "[ZLib](https://attack.mitre.org/software/S0086) mimics the resource version information of legitimate Realtek Semiconductor, Nvidia, or Synaptics modules.(Citation: Cylance Dust Storm)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1113", "comment": "[ZLib](https://attack.mitre.org/software/S0086) has the ability to obtain screenshots of the compromised system.(Citation: Cylance Dust Storm)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1082", "comment": "[ZLib](https://attack.mitre.org/software/S0086) has the ability to enumerate system information.(Citation: Cylance Dust Storm)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1007", "comment": "[ZLib](https://attack.mitre.org/software/S0086) has the ability to discover and manipulate Windows services.(Citation: Cylance Dust Storm)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by ZLib", "color": "#66b1ff"}]}