Description
[HAWKBALL](https://attack.mitre.org/software/S0391) is a backdoor that was observed in targeting of the government sector in Central Asia.(Citation: FireEye HAWKBALL Jun 2019)
External References
Techniques Used by This Malware
- T1027.013 — Encrypted/Encoded File
- T1033 — System Owner/User Discovery
- T1041 — Exfiltration Over C2 Channel
- T1059.003 — Windows Command Shell
- T1070.004 — File Deletion
- T1071.001 — Web Protocols
- T1082 — System Information Discovery
- T1106 — Native API
- T1203 — Exploitation for Client Execution
- T1559.002 — Dynamic Data Exchange
- T1560.003 — Archive via Custom Method