| ID | B0028 |
| Objective(s) | Collection, Credential Access |
| Related ATT&CK Techniques | None |
| Version | 2.3 |
| Created | 14 August 2020 |
| Last Modified | 27 April 2024 |
Malware accesses files that contain sensitive data or credentials related to Bitcoin and other cryptocurrency wallets.
| Name | ID | Description |
|---|---|---|
| Bitcoin | B0028.001 | Access Bitcoin data. |
| Ethereum | B0028.002 | Access Ethereum data. |
| Zcash | B0028.003 | Access Zcash data. |
| Name | Date | Method | Description |
|---|---|---|---|
| ElectroRAT | 2020 | -- | ElectroRat examines the disk for cryptocurrency addresses and keys to steal money from a wallet. It compromises multiple currencies, including Monaro, Doegecoin, Ethereum, Litecoin, and Bitcoin. [1] |
| Tool: CAPE | Mapping | APIs |
|---|---|---|
| infostealer_bitcoin | Cryptocurrency (B0028) | -- |
| infostealer_bitcoin | Cryptocurrency::Bitcoin (B0028.001) | -- |
[1] https://www.intezer.com/blog/research/operation-electrorat-attacker-creates-fake-companies-to-drain-your-crypto-wallets/