| ID | C0045 |
|---|---|
| Objective(s) | File System |
| Related ATT&CK Techniques | None |
| Version | 2.2 |
| Created | 4 December 2020 |
| Last Modified | 6 February 2024 |

Copy File

Malware copies a file.

Use in Malware

| Name | Date | Method | Description |
|---|---|---|---|
| GoBotKR | 2019 | -- | GoBotKR copies files. [1] |
| Hupigon | 2013 | -- | Hupigon copies files. [1] |
| Kovter | 2016 | -- | Kovter copies files. [1] |
| Mebromi | 2011 | -- | Mebromi copies files. [1] |
| Redhip | 2011 | -- | Redhip copies files. [1] |
| Shamoon | 2012 | -- | Shamoon copies files. [1] |

Detection

| Tool: capa | Mapping | APIs |
|---|---|---|
| copy file | Copy File (C0045) | kernel32.CopyFile, kernel32.CopyFileEx, CopyFile2, CopyFileTransacted, LZCopy, System.IO.FileInfo::CopyTo, System.IO.File::Copy, kernel32.SHFileOperation |

| Tool: CAPE | Class | Mapping | APIs |
|---|---|---|---|
| injection_needextension | InjectionExtension | Copy File (C0045) | NtCreateUserProcess, CreateProcessInternalW |

References

[1] capa v4.0, analyzed at MITRE on 10/12/2022