Description
[PcShare](https://attack.mitre.org/software/S1050) is an open source remote access tool that has been modified and used by Chinese threat actors, most notably during the FunnyDream campaign since late 2018.(Citation: Bitdefender FunnyDream Campaign November 2020)(Citation: GitHub PcShare 2014)
External References
Techniques Used by This Tool
- T1005 — Data from Local System
- T1012 — Query Registry
- T1016 — System Network Configuration Discovery
- T1027.013 — Encrypted/Encoded File
- T1027.015 — Compression
- T1036.001 — Invalid Code Signature
- T1036.005 — Match Legitimate Resource Name or Location
- T1041 — Exfiltration Over C2 Channel
- T1055 — Process Injection
- T1056.001 — Keylogging
- T1057 — Process Discovery
- T1059.003 — Windows Command Shell
- T1070.004 — File Deletion
- T1071.001 — Web Protocols
- T1106 — Native API
- T1112 — Modify Registry
- T1113 — Screen Capture
- T1125 — Video Capture
- T1140 — Deobfuscate/Decode Files or Information
- T1218.011 — Rundll32
- T1546.015 — Component Object Model Hijacking