| ID | C0052 |
|---|---|
| Objective(s) | File System |
| Related ATT&CK Techniques | None |
| Version | 2.0 |
| Created | 4 December 2020 |
| Last Modified | 13 September 2023 |

Writes File

Use in Malware

| Name | Date | Method | Description |
|---|---|---|---|
| CryptoLocker | 2013 | -- | CryptoLocker writes files on Windows. [1] |
| Dark Comet | 2008 | -- | Dark Comet writes files on Windows. [1] |
| DNSChanger | 2011 | -- | DNSChanger writes files on Windows. [1] |
| Gamut | 2014 | -- | Gamut writes files on Windows. [1] |
| GravityRAT | 2018 | -- | GravityRAT writes files on Windows. [1] |
| Hupigon | 2013 | -- | Hupigon writes files on Windows. [1] |
| Locky Bart | 2017 | -- | Locky Bart writes files on Windows. [1] |
| Poison Ivy | 2005 | -- | Poison Ivy writes files on Windows. [1] |
| Redhip | 2011 | -- | Redhip writes files on Windows. [1] |
| Rombertik | 2015 | -- | Rombertik writes files on Windows. [1] |
| Shamoon | 2012 | -- | Shamoon writes files on Windows. [1] |
| UP007 | 2016 | -- | UP007 writes files on Windows. [1] |

Detection

| Tool: capa | Mapping | APIs |
|---|---|---|
| write file on Linux | Writes File (C0052) | fputc, fputs, putc, write, fputwc, putwc, fputws, write, fwrite, putwchar |
| write file on Windows | Writes File (C0052) | kernel32.WriteFile, kernel32.WriteFileEx, NtWriteFile, ZwWriteFile, _fwrite, fwrite, System.IO.File::WriteAllBytes, System.IO.File::WriteAllBytesAsync, System.IO.File::WriteAllLines, System.IO.File::WriteAllLinesAsync, System.IO.File::WriteAllText, System.IO.File::WriteAllTextAsync, System.IO.File::AppendAllLines, System.IO.File::AppendAllLinesAsync, System.IO.File::AppendAllText, System.IO.File::AppendAllTextAsync, System.IO.File::AppendText, System.IO.FileInfo::AppendText |
| create process memory minidump | Writes File (C0052) | dbghelp.MiniDumpWriteDump |

References

[1] capa v4.0, analyzed at MITRE on 10/12/2022