Skip to content

Latest commit

 

History

History
56 lines (44 loc) · 1.51 KB

environment-variable.md

File metadata and controls

56 lines (44 loc) · 1.51 KB
Raw
ID C0034
Objective(s) Operating System
Related ATT&CK Techniques None
Version 2.0
Created 4 December 2020
Last Modified 5 December 2023

Environment Variable

Malware modifies environment variables.

Methods

Name ID Description
Set Variable C0034.001 Malware sets an environment variable.

Use in Malware

Name Date Method Description
Kovter 2016 C0034.001 Kovter sets environment variables. [1]
UP007 2016 C0034.001 UP007 sets environment variables. [1]

Detection

Tool: capa Mapping APIs
set environment variable Environment Variable::Set Variable (C0034.001) kernel32.SetEnvironmentStrings, kernel32.SetEnvironmentVariable, System.Environment::SetEnvironmentVariable
get COMSPEC environment variable Environment Variable (C0034) --

References

[1] capa v4.0, analyzed at MITRE on 10/12/2022