Malware: FRAMESTING

Description

[FRAMESTING](https://attack.mitre.org/software/S1120) is a Python web shell that was used during [Cutting Edge](https://attack.mitre.org/campaigns/C0029) to embed into an Ivanti Connect Secure Python package for command execution.(Citation: Mandiant Cutting Edge Part 2 January 2024)

External References

• mitre-attack
• Mandiant Cutting Edge Part 2 January 2024

Techniques Used by This Malware

• T1001 — Data Obfuscation
• T1001.003 — Protocol or Service Impersonation
• T1059.006 — Python
• T1071.001 — Web Protocols
• T1140 — Deobfuscate/Decode Files or Information
• T1505.003 — Web Shell
• T1554 — Compromise Host Software Binary