{"description": "Enterprise techniques used by Pandora, ATT&CK software S0664 (v1.0)", "name": "Pandora (S0664)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1071", "showSubtechniques": true}, {"techniqueID": "T1071.001", "comment": "[Pandora](https://attack.mitre.org/software/S0664) can communicate over HTTP.(Citation: Trend Micro Iron Tiger April 2021)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1543", "showSubtechniques": true}, {"techniqueID": "T1543.003", "comment": "[Pandora](https://attack.mitre.org/software/S0664) has the ability to gain system privileges through Windows services.(Citation: Trend Micro Iron Tiger April 2021)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1573", "showSubtechniques": true}, {"techniqueID": "T1573.001", "comment": "[Pandora](https://attack.mitre.org/software/S0664) has the ability to encrypt communications with D3DES.(Citation: Trend Micro Iron Tiger April 2021)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1068", "comment": "[Pandora](https://attack.mitre.org/software/S0664) can use CVE-2017-15303 to bypass Windows Driver Signature Enforcement (DSE) protection and load its driver.(Citation: Trend Micro Iron Tiger April 2021)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1574", "showSubtechniques": true}, {"techniqueID": "T1574.001", "comment": "[Pandora](https://attack.mitre.org/software/S0664) can use DLL side-loading to execute malicious payloads.(Citation: Trend Micro Iron Tiger April 2021)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1105", "comment": "[Pandora](https://attack.mitre.org/software/S0664) can load additional drivers and files onto a victim machine.(Citation: Trend Micro Iron Tiger April 2021)", "score": 1, "color": "#66b1ff", "showSubtechniques": 
false}, {"techniqueID": "T1112", "comment": "[Pandora](https://attack.mitre.org/software/S0664) can write an encrypted token to the Registry to enable processing of remote commands.(Citation: Trend Micro Iron Tiger April 2021)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1027", "showSubtechniques": true}, {"techniqueID": "T1027.015", "comment": "[Pandora](https://attack.mitre.org/software/S0664) has the ability to compress strings with QuickLZ.(Citation: Trend Micro Iron Tiger April 2021)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1057", "comment": "[Pandora](https://attack.mitre.org/software/S0664) can monitor processes on a compromised host.(Citation: Trend Micro Iron Tiger April 2021)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1055", "comment": "[Pandora](https://attack.mitre.org/software/S0664) can start and inject code into a new `svchost` process.(Citation: Trend Micro Iron Tiger April 2021)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1553", "showSubtechniques": true}, {"techniqueID": "T1553.006", "comment": "[Pandora](https://attack.mitre.org/software/S0664) can use CVE-2017-15303 to disable Windows Driver Signature Enforcement (DSE) protection and load its driver.(Citation: Trend Micro Iron Tiger April 2021)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1569", "showSubtechniques": true}, {"techniqueID": "T1569.002", "comment": "[Pandora](https://attack.mitre.org/software/S0664) has the ability to install itself as a Windows service.(Citation: Trend Micro Iron Tiger April 2021)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1205", "comment": "[Pandora](https://attack.mitre.org/software/S0664) can identify if incoming HTTP traffic contains a token and if so it will intercept the traffic and process the received command.(Citation: Trend Micro Iron 
Tiger April 2021)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Pandora", "color": "#66b1ff"}]}