Description
The File Manager feature in malware serves as a Swiss Army knife for cybercriminals, enabling them to list, download, upload, or delete files on a compromised system. Acting as an illicit file explorer, this feature provides comprehensive access to the victim's stored data, whether it's sensitive personal information, valuable intellectual property, or configuration files that can be manipulated for further compromise. The ability to upload files also means the attacker can place additional malicious payloads or tools on the system, facilitating a deeper level of exploitation. Likewise, the download function allows for easy exfiltration of valuable or sensitive data. Deleting files can either be used to cover tracks or cause harm, making the File Manager feature a versatile tool in the arsenal of a cybercriminal.
| Categories | File System, Alteration, Disruption, Exfiltration |
| Dangerousness | High |
Existing Techniques
| Name | Associated Feature(s) | Has Snippet | Matching Sample |
|---|---|---|---|
| Execute Programs | File Manager, Shell Access | 0 | |
| File Search | File Manager | 0 | |
| File System Enumeration | File Manager | 0 | |
| Network Shares Enumeration | File Manager, Network Manager | 0 | |
Hue 1.0
ProRat 1.2
ProRat 1.3
Nuclear RAT 1.0 Beta 5
Beast 2.06
ProRat 1.4
LanFiltrator 1.5 Beta III
ProRat 1.6
ProRat 1.8
Infector NG 2004 2.1.0
Amiboide 1.0
Amiboide 2.0
Optix Pro 1.33
Beast 2.07
Flux 1.0
Institution 2004 0.4.0
CIA 1.3
Seed 1.1
ProRat 1.9
Y3K rat 2k5 RC 1.0
DARKMOON 4.11 / 4.11 Private Edition
TrojNa$ 1.0
Bersek 1.1
Turkojan 3.0
Bifrost 1.2.1
Bandook 1.35
Poison Ivy 2.3.0
Hav-Rat 1.3.2
sharK 2.4.0 Fwb+
Nuclear RAT 2.1.0
Poison Ivy 2.3.2
Turkojan 4
Turkojan 4.0
sharK 3.1 fwb++
Lost Door 3.0 Stable
SynRAT 4.0.1
PrjRAPTOR 1.8
Cerberus 1.0 Beta
Cerberus 1.01 Beta
Cerberus 1.02 Beta
SynRAT 4.3.1-A-1
Apocalypse RAT 1.4
Cerberus 1.03.4
Spy-Net 2.6
DarkComet RAT 1.3
Cerberus 1.03.5 Beta
DarkComet RAT 2.0 RC4
CyberGate 1.04.8
Lost Door 4.3.1
DarkComet RAT 2.0 RC7