Currently viewing ATT&CK v7.2 which was live between July 8, 2020 and October 26, 2020. Learn more about the versioning system or see the live site.
Register to stream the next session of ATT&CKcon Power Hour November 12
SOFTWARE
Aria-body
SOFTWARE
1-9
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
Y-Z
  1. Home
  2. Software
  3. TinyZBot

TinyZBot

TinyZBot is a bot written in C# that was developed by Cleaver. [1]

ID: S0004
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 30 March 2020
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1547 .001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

TinyZBot can create a shortcut in the Windows startup folder for persistence.[1]
.009 Boot or Logon Autostart Execution: Shortcut Modification

TinyZBot can create a shortcut in the Windows startup folder for persistence.[1]
Enterprise T1115 Clipboard Data

TinyZBot contains functionality to collect information from the clipboard.[1]
Enterprise T1059 .003 Command and Scripting Interpreter: Windows Command Shell

TinyZBot supports execution from the command-line.[1]
Enterprise T1543 .003 Create or Modify System Process: Windows Service

TinyZBot can install as a Windows service for persistence.[1]
Enterprise T1562 .001 Impair Defenses: Disable or Modify Tools

TinyZBot can disable Avira anti-virus.[1]
Enterprise T1056 .001 Input Capture: Keylogging

TinyZBot contains keylogger functionality.[1]
Enterprise T1113 Screen Capture

TinyZBot contains screen capture functionality.[1]

Groups That Use This Software

ID Name References
G0003 Cleaver

[1]

References

  1. Cylance. (2014, December). Operation Cleaver. Retrieved September 14, 2017.