Malware: H1N1

Description

[H1N1](https://attack.mitre.org/software/S0132) is a malware variant that has been distributed via a campaign using VBA macros to infect victims. Although it initially had only loader capabilities, it has evolved to include information-stealing functionality. (Citation: Cisco H1N1 Part 1)

External References

• mitre-attack
• Cisco H1N1 Part 1

Techniques Used by This Malware

• T1027 — Obfuscated Files or Information
• T1027.002 — Software Packing
• T1059.003 — Windows Command Shell
• T1080 — Taint Shared Content
• T1091 — Replication Through Removable Media
• T1105 — Ingress Tool Transfer
• T1132 — Data Encoding
• T1490 — Inhibit System Recovery
• T1548.002 — Bypass User Account Control
• T1555.003 — Credentials from Web Browsers
• T1562.001 — Disable or Modify Tools
• T1562.004 — Disable or Modify System Firewall
• T1573.001 — Symmetric Cryptography