BATELEUR

Description

Bateleur deployments began not long after JS Flash and were also written in JavaScript. Deployments were more infrequent and testing was not observed. It is likely that Bateleur was run in parallel as an alternative tool and eventually replaced JS Flash as CARBON SPIDER’s first-stage tool of choice. Although much simpler in design than JS Flash, executing entirely out of a single script with more basic obfuscation, Bateleur has a wealth of capabilities—including the ability to download arbitrary scripts and executables, deploy TinyMet, execute commands via PowerShell, deploy a credential stealer, and collect victim system information such as screenshots.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software: JS Flash
Software: Sekur
Software: CARROTBAT
Software: VB Flash
Software: Brushaloader
Actor: RATPAK SPIDER

Sourced from MITRE ATT&CK Enterprise. Curated by Adam Lundqvist, SQUR.