Description
[Koadic](https://attack.mitre.org/software/S0250) is a Windows post-exploitation framework and penetration testing tool that is publicly available on GitHub. [Koadic](https://attack.mitre.org/software/S0250) has several options for staging payloads and creating implants, and performs most of its operations using Windows Script Host.(Citation: Github Koadic)(Citation: Palo Alto Sofacy 06-2018)(Citation: MalwareBytes LazyScripter Feb 2021)
External References
Techniques Used by This Tool
- T1003.002 — Security Account Manager
- T1003.003 — NTDS
- T1005 — Data from Local System
- T1016 — System Network Configuration Discovery
- T1021.001 — Remote Desktop Protocol
- T1033 — System Owner/User Discovery
- T1046 — Network Service Discovery
- T1047 — Windows Management Instrumentation
- T1053.005 — Scheduled Task
- T1055.001 — Dynamic-link Library Injection
- T1059.001 — PowerShell
- T1059.003 — Windows Command Shell
- T1059.005 — Visual Basic
- T1071.001 — Web Protocols
- T1082 — System Information Discovery
- T1083 — File and Directory Discovery
- T1105 — Ingress Tool Transfer
- T1115 — Clipboard Data
- T1135 — Network Share Discovery
- T1218.005 — Mshta
- T1218.010 — Regsvr32
- T1218.011 — Rundll32
- T1547.001 — Registry Run Keys / Startup Folder
- T1548.002 — Bypass User Account Control
- T1564.003 — Hidden Window
- T1569.002 — Service Execution
- T1573.002 — Asymmetric Cryptography