Description
[FELIXROOT](https://attack.mitre.org/software/S0267) is a backdoor that has been used to target Ukrainian victims. (Citation: FireEye FELIXROOT July 2018)
External References
Techniques Used by This Malware
- T1012 — Query Registry
- T1016 — System Network Configuration Discovery
- T1027.013 — Encrypted/Encoded File
- T1033 — System Owner/User Discovery
- T1047 — Windows Management Instrumentation
- T1057 — Process Discovery
- T1059.003 — Windows Command Shell
- T1070.004 — File Deletion
- T1071.001 — Web Protocols
- T1082 — System Information Discovery
- T1105 — Ingress Tool Transfer
- T1112 — Modify Registry
- T1124 — System Time Discovery
- T1218.011 — Rundll32
- T1518.001 — Security Software Discovery
- T1547.001 — Registry Run Keys / Startup Folder
- T1547.009 — Shortcut Modification
- T1560 — Archive Collected Data