{"description": "Enterprise techniques used by Bonadan, ATT&CK software S0486 (v1.0)", "name": "Bonadan (S0486)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1059", "comment": "[Bonadan](https://attack.mitre.org/software/S0486) can create bind and reverse shells on the infected system.(Citation: ESET ForSSHe December 2018)\t", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1554", "comment": "[Bonadan](https://attack.mitre.org/software/S0486) has maliciously altered the OpenSSH binary on targeted systems to create a backdoor.(Citation: ESET ForSSHe December 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1573", "showSubtechniques": true}, {"techniqueID": "T1573.001", "comment": "[Bonadan](https://attack.mitre.org/software/S0486) can XOR-encrypt C2 communications.(Citation: ESET ForSSHe December 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1105", "comment": "[Bonadan](https://attack.mitre.org/software/S0486) can download additional modules from the C2 server.(Citation: ESET ForSSHe December 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1057", "comment": "[Bonadan](https://attack.mitre.org/software/S0486) can use the ps command to discover other cryptocurrency miners active on the system.(Citation: ESET ForSSHe December 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1496", "showSubtechniques": true}, {"techniqueID": "T1496.001", "comment": "[Bonadan](https://attack.mitre.org/software/S0486) can download an additional module which has a cryptocurrency mining extension.(Citation: ESET ForSSHe December 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1082", "comment": "[Bonadan](https://attack.mitre.org/software/S0486) has discovered the OS version, CPU model, and RAM size of the system it has been installed on.(Citation: ESET ForSSHe December 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1016", "comment": "[Bonadan](https://attack.mitre.org/software/S0486) can find the external IP address of the infected host.(Citation: ESET ForSSHe December 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1033", "comment": "[Bonadan](https://attack.mitre.org/software/S0486) has discovered the username of the user running the backdoor.(Citation: ESET ForSSHe December 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Bonadan", "color": "#66b1ff"}]}