{"description": "Enterprise techniques used by HiddenWasp, ATT&CK software S0394 (v1.3)", "name": "HiddenWasp (S0394)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1037", "showSubtechniques": true}, {"techniqueID": "T1037.004", "comment": "[HiddenWasp](https://attack.mitre.org/software/S0394) installs reboot persistence by adding itself to /etc/rc.local.(Citation: Intezer HiddenWasp Map 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1059", "showSubtechniques": true}, {"techniqueID": "T1059.003", "comment": "[HiddenWasp](https://attack.mitre.org/software/S0394) uses a script to automate tasks on the victim's machine and to assist in execution.(Citation: Intezer HiddenWasp Map 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1136", "showSubtechniques": true}, {"techniqueID": "T1136.001", "comment": "[HiddenWasp](https://attack.mitre.org/software/S0394) creates a user account as a means to provide initial persistence to the compromised machine.(Citation: Intezer HiddenWasp Map 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1140", "comment": "[HiddenWasp](https://attack.mitre.org/software/S0394) uses a cipher to implement a decoding function.(Citation: Intezer HiddenWasp Map 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1573", "showSubtechniques": true}, {"techniqueID": "T1573.001", "comment": "[HiddenWasp](https://attack.mitre.org/software/S0394) uses an RC4-like algorithm with an already computed PRGA generated key-stream for network communication.(Citation: Intezer HiddenWasp Map 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1574", "showSubtechniques": true}, {"techniqueID": "T1574.006", "comment": "[HiddenWasp](https://attack.mitre.org/software/S0394) adds itself as a shared object to the LD_PRELOAD environment variable.(Citation: Intezer HiddenWasp Map 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1105", "comment": "[HiddenWasp](https://attack.mitre.org/software/S0394) downloads a tar compressed archive from a download server to the system.(Citation: Intezer HiddenWasp Map 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1095", "comment": "[HiddenWasp](https://attack.mitre.org/software/S0394) communicates with a simple network protocol over TCP.(Citation: Intezer HiddenWasp Map 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1027", "showSubtechniques": true}, {"techniqueID": "T1027.013", "comment": "[HiddenWasp](https://attack.mitre.org/software/S0394) encrypts its configuration and payload.(Citation: Intezer HiddenWasp Map 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1014", "comment": "[HiddenWasp](https://attack.mitre.org/software/S0394) uses a rootkit to hook and implement functions on the system.(Citation: Intezer HiddenWasp Map 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by HiddenWasp", "color": "#66b1ff"}]}