Last week we released the B1-66ER Initial Access adversary chain, and I wanted to go into a bit more depth on it.
First, let's go over the chain of three TTPs; then I have some questions with detailed answers to help fill in the gaps.
This TTP takes the current version of SciPy as of last week. We build the SciPy package (on x86-64) before touching setup.py. Once the build completes, we modify setup.py so that it executes our agent when the user installs SciPy, and we hide the Schism agent inside the SciPy directory tree.
This TTP modifies a file in the Schism agent so that it communicates back to Operator. A real adversary would simply hardcode the callback address.
This TTP performs the install of SciPy, which then covertly executes the Schism agent. A few things to keep in mind here. One, the Schism agent executes early in the SciPy installation process; in quite a few tests, that meant Schism very likely runs even if the SciPy installation itself fails. Two, if you look at the TTP script, you will see I redirected the installation console log to /dev/null. I did this because if the installation gets stuck or takes a while, you otherwise have to wait for it to finish before you can do anything else with your orchestration agent. SciPy requires a few dependencies to install from source, including numpy (SciPy and numpy go hand in hand), BLAS/LAPACK, gcc, gfortran, python3-dev, cython, pythran, and pybind11. Three, I used the --user flag during the installation so that it does not require sudo privileges.
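The detection side of the three steps above is what most readers will care about. As an added example (my own illustration, not Prelude's chain code or the TTP script itself), the scanner below flags the setup.py pattern the chain relies on: a cmdclass that hooks an install-time command, a process spawn inside it, and output discarded to /dev/null. The two setup.py sources embedded in it are constructed for this example; the hidden agent path, the package version and the class name are placeholders, not values from the chain.

```python
import ast
import sys

# Constructed sample setup.py in the style of a hooked SciPy setup.py.
# The agent path, version string and class name are placeholders (assumptions).
SUSPICIOUS_SETUP_PY = '''
import os
import subprocess
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        # launch the hidden agent and discard its output (placeholder path)
        subprocess.Popen(["./scipy/_lib/.cache/agent"],
                         stdout=open(os.devnull, "w"), stderr=subprocess.STDOUT)
        install.run(self)

setup(name="scipy", version="0.0.0", cmdclass={"install": PostInstall})
'''

# Constructed benign sample for comparison.
BENIGN_SETUP_PY = '''
from setuptools import setup, find_packages
setup(name="example", version="0.1", packages=find_packages())
'''

# setuptools commands that run during a normal install; overriding one of them
# gives arbitrary code execution as soon as the user runs pip or setup.py.
INSTALL_TIME_COMMANDS = {"install", "develop", "build_py", "build_ext",
                         "egg_info", "bdist_wheel", "sdist"}

# Fully qualified call names that spawn a process or evaluate code.
SPAWN_CALLS = {"os.system", "os.popen", "os.execv", "os.execve", "os.execvp",
               "os.spawnl", "os.spawnlp", "os.spawnv", "exec", "eval"}


def _call_name(call):
    """Return the dotted name of a Call's target, e.g. 'subprocess.Popen'."""
    parts = []
    node = call.func
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))


def scan_setup_py(source):
    """Return a list of human-readable findings for one setup.py source string."""
    tree = ast.parse(source)
    findings = []

    # 'from subprocess import Popen' drops the module prefix, so collect those names.
    bare_spawn_names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom) and node.module == "subprocess":
            for alias in node.names:
                bare_spawn_names.add(alias.asname or alias.name)

    for node in ast.walk(tree):
        # 1. cmdclass that hooks an install-time command
        if isinstance(node, ast.Call) and _call_name(node) == "setup":
            for kw in node.keywords:
                if kw.arg == "cmdclass" and isinstance(kw.value, ast.Dict):
                    for key in kw.value.keys:
                        if isinstance(key, ast.Constant) and key.value in INSTALL_TIME_COMMANDS:
                            findings.append(f"line {node.lineno}: cmdclass overrides '{key.value}'")
        # 2. process spawn or dynamic code execution anywhere in the file
        elif isinstance(node, ast.Call):
            name = _call_name(node)
            if name in SPAWN_CALLS or name.startswith("subprocess.") or name in bare_spawn_names:
                findings.append(f"line {node.lineno}: process spawn via {name}")
        # 3. output deliberately discarded, as the chain does with its install log
        elif isinstance(node, ast.Attribute) and node.attr == "devnull":
            findings.append(f"line {node.lineno}: output discarded via os.devnull")
        elif isinstance(node, ast.Constant) and node.value == "/dev/null":
            findings.append(f"line {node.lineno}: output discarded via /dev/null")
    return findings


def is_suspicious(source):
    """True when at least one install-time execution indicator is present."""
    return bool(scan_setup_py(source))


if __name__ == "__main__":
    # With no arguments, scan the two embedded samples; otherwise scan the given files.
    if not sys.argv[1:]:
        for label, src in (("suspicious", SUSPICIOUS_SETUP_PY), ("benign", BENIGN_SETUP_PY)):
            print(label, scan_setup_py(src) or ["clean"])
    for path in sys.argv[1:]:
        with open(path) as fh:
            for finding in scan_setup_py(fh.read()):
                print(f"{path}: {finding}")
```

Run it against the setup.py of any sdist before installing, or wire it into a pre-install step. It only inspects Python source in setup.py, so a payload placed in a compiled extension, a build helper script, or a pyproject build backend would not be caught; pair it with a hash check of the package against the upstream release.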
I'm looking to include a Dockerfile in the next B1-66ER Adversary release to make it easier to do things like install SciPy without worrying about software dependencies, to provide good output data for the Discovery chain, and to help with future chains as we release them. Basically, I want to provide a solution so that you can test the B1-66ER Adversary chains in your environment without doing the dirty work yourself. You can put this Docker container wherever you like in your environment and test your detection capabilities against these attacks.
SciPy is a Python package with a collection of mathematical algorithms and functions that extend the NumPy package. It also makes it easier to visualize data. (You can find out more about SciPy here: https://docs.scipy.org/doc/scipy/reference/tutorial/general.html)
SciPy is a great package to use in this attack because it is widely used in ML/DL environments and is large: not only does it take a long time to build and install on lower-tier hardware, it also makes it easier to hide new or modified files.
In a real scenario, I was doing some DevSecOps work for a project that needed an environment for inference and training. The hardware used for inference was an Nvidia Jetson, which has a great GPU for its size but a terribly slow ARM CPU by comparison. Many of the libraries used in ML/DL are a pain to install, and Nvidia helps with the process by providing Jetson-based Docker containers. These containers, at least when I was doing this project, did not provide SciPy for the Jetson. That left me stuck with a 2+ hour install and drove me to the interwebs to find out whether this was normal and whether I could do it faster. To my enjoyment, not only was this an issue for other people, but the way they were getting around it was to point each other to a pre-built package or to a modified Docker container with SciPy already installed.
This attack preys on the unknowing user who just wants to save time, in an environment where the user already has to wait hours to get meaningful data back, so saving time elsewhere becomes valuable.
Thanks for reading our latest TTP Tuesday release! Please subscribe and reach out with any feedback. We love to hear from our community!
There are several ways to follow us and learn more about Prelude and our team members:
Download Prelude Operator: https://www.prelude.org/download/current
See the latest kill chain and TTP Releases: https://chains.prelude.org/
See our open-source repositories: https://github.com/preludeorg
Listen to our Podcast: https://anchor.fm/preludeorg
Read our blog: https://feed.prelude.org
Watch our live streams: https://www.twitch.tv/preludeorg
Watch our pre-recorded content: https://www.youtube.com/c/preludeorg