ID | B0033 |
Objective(s) | Impact |
Related ATT&CK Techniques | Network Denial of Service (T1498) |
Impact Type | Availability |
Version | 2.2 |
Created | 1 August 2019 |
Last Modified | 30 April 2024 |

Malware may make a network unavailable, for example, by launching a network-based denial of service (DoS) attack.

Endpoint denial of service behaviors are captured by the Endpoint Denial of Service (T1499) technique.

The related Network Denial of Service (T1498) ATT&CK technique was defined subsequent to this MBC behavior.

Name | Date | Method | Description |
---|---|---|---|
BlackEnergy | 2007 | -- | BlackEnergy launches distributed denial of service attacks that can target more than one IP address per hostname. [1] |
GoBotKR | 2019 | -- | GoBotKR has been used to execute endpoint DDoS attacks – for example, TCP Flood or SYN Flood. [2] |

Tool: CAPE | Mapping | APIs |
---|---|---|
cve_2016_7200 | Denial of Service (B0033) | JsEval, COleScript_ParseScriptText, COleScript_Compile |
network_cnc_http | Denial of Service (B0033) | -- |
cve_2015_2419_js | Denial of Service (B0033) | JsEval, COleScript_ParseScriptText, COleScript_Compile |
cve_2016-0189 | Denial of Service (B0033) | JsEval, COleScript_ParseScriptText, COleScript_Compile |

[1] https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf

[2] https://www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/