Malware: Lucifer

Description

[Lucifer](https://attack.mitre.org/software/S0532) is a crypto miner and DDoS hybrid malware that leverages well-known exploits to spread laterally on Windows platforms.(Citation: Unit 42 Lucifer June 2020)

External References

• mitre-attack
• Unit 42 Lucifer June 2020

Techniques Used by This Malware

• T1012 — Query Registry
• T1016 — System Network Configuration Discovery
• T1021.002 — SMB/Windows Admin Shares
• T1027.002 — Software Packing
• T1033 — System Owner/User Discovery
• T1046 — Network Service Discovery
• T1047 — Windows Management Instrumentation
• T1049 — System Network Connections Discovery
• T1053.005 — Scheduled Task
• T1057 — Process Discovery
• T1059.003 — Windows Command Shell
• T1070.001 — Clear Windows Event Logs
• T1071 — Application Layer Protocol
• T1082 — System Information Discovery
• T1105 — Ingress Tool Transfer
• T1110.001 — Password Guessing
• T1140 — Deobfuscate/Decode Files or Information
• T1210 — Exploitation of Remote Services
• T1496.001 — Compute Hijacking
• T1497.001 — System Checks
• T1498 — Network Denial of Service
• T1547.001 — Registry Run Keys / Startup Folder
• T1570 — Lateral Tool Transfer
• T1573.001 — Symmetric Cryptography