Description
[Bisonal](https://attack.mitre.org/software/S0268) is a remote access tool (RAT) that has been used by [Tonto Team](https://attack.mitre.org/groups/G0131) against public and private sector organizations in Russia, South Korea, and Japan since at least December 2010.(Citation: Unit 42 Bisonal July 2018)(Citation: Talos Bisonal Mar 2020)
External References
Techniques Used by This Malware
- T1005 — Data from Local System
- T1012 — Query Registry
- T1016 — System Network Configuration Discovery
- T1027.001 — Binary Padding
- T1027.002 — Software Packing
- T1027.013 — Encrypted/Encoded File
- T1036 — Masquerading
- T1036.005 — Match Legitimate Resource Name or Location
- T1041 — Exfiltration Over C2 Channel
- T1057 — Process Discovery
- T1059.003 — Windows Command Shell
- T1059.005 — Visual Basic
- T1070.004 — File Deletion
- T1071.001 — Web Protocols
- T1082 — System Information Discovery
- T1083 — File and Directory Discovery
- T1090 — Proxy
- T1095 — Non-Application Layer Protocol
- T1105 — Ingress Tool Transfer
- T1106 — Native API
- T1112 — Modify Registry
- T1124 — System Time Discovery
- T1132.001 — Standard Encoding
- T1137.006 — Add-ins
- T1140 — Deobfuscate/Decode Files or Information
- T1204.002 — Malicious File
- T1218.011 — Rundll32
- T1497 — Virtualization/Sandbox Evasion
- T1497.003 — Time Based Evasion
- T1543.003 — Windows Service
- T1547.001 — Registry Run Keys / Startup Folder
- T1566.001 — Spearphishing Attachment
- T1568 — Dynamic Resolution
- T1573.001 — Symmetric Cryptography