Malware: ccf32

Description

[ccf32](https://attack.mitre.org/software/S1043) is data collection malware that has been used since at least February 2019, most notably during the [FunnyDream](https://attack.mitre.org/campaigns/C0007) campaign; there is also a similar x64 version.(Citation: Bitdefender FunnyDream Campaign November 2020)

External References

• mitre-attack
• Bitdefender FunnyDream Campaign November 2020

Techniques Used by This Malware

• T1005 — Data from Local System
• T1048.003 — Exfiltration Over Unencrypted Non-C2 Protocol
• T1053.005 — Scheduled Task
• T1059.003 — Windows Command Shell
• T1070.004 — File Deletion
• T1074.001 — Local Data Staging
• T1074.002 — Remote Data Staging
• T1083 — File and Directory Discovery
• T1119 — Automated Collection
• T1124 — System Time Discovery
• T1560.001 — Archive via Utility
• T1564.001 — Hidden Files and Directories