Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

RTM

RTM is a cybercriminal group that has been active since at least 2015 and is primarily interested in users of remote banking systems in Russia and neighboring countries. The group uses a Trojan by the same name (RTM). (Citation: ESET RTM Feb 2017)

ID: G0048

Associated Groups:

Version: 1.1

Created: 31 May 2017

Last Modified: 12 May 2020

Name	Description
Associated Group Descriptions

Domain	ID		Name	Use
Techniques Used
Enterprise	T1547	.001	Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder	RTM has used Registry run keys to establish persistence for the RTM Trojan and other tools, such as a modified version of TeamViewer remote desktop software.(Citation: ESET RTM Feb 2017)(Citation: Group IB RTM August 2019)
Enterprise	T1574	.001	Hijack Execution Flow: DLL Search Order Hijacking	RTM has used search order hijacking to force TeamViewer to load a malicious DLL.(Citation: Group IB RTM August 2019)
Enterprise	T1566	.001	Phishing: Spearphishing Attachment	RTM has used spearphishing attachments to distribute its malware.(Citation: Group IB RTM August 2019)
Enterprise	T1204	.002	User Execution: Malicious File	RTM has attempted to lure victims into opening e-mail attachments to execute malicious code.(Citation: Group IB RTM August 2019)
Enterprise	T1102	.001	Web Service: Dead Drop Resolver	RTM has used an RSS feed on Livejournal to update a list of encrypted C2 server names.(Citation: ESET RTM Feb 2017)

ID	Name	References	Techniques
Software
S0148	RTM	(Citation: ESET RTM Feb 2017) (Citation: Redaman) (Citation: Unit42 Redaman January 2019)	Bypass User Account Control, Remote Access Software, Windows Command Shell, Clipboard Data, Keylogging, Dynamic Resolution, Spearphishing Attachment, Registry Run Keys / Startup Folder, Peripheral Device Discovery, System Time Discovery, Dynamic Data Exchange, Code Signing, Virtualization/Sandbox Evasion, Indicator Removal, Scheduled Task, Custom Command and Control Protocol, Masquerade Task or Service, Symmetric Cryptography, Modify Registry, Dead Drop Resolver, Native API, Automated Collection, System Owner/User Discovery, Install Root Certificate, Web Protocols, Rundll32, Non-Standard Port, System Information Discovery, Ingress Tool Transfer, File and Directory Discovery, Obfuscated Files or Information, Security Software Discovery, Malicious File, Process Discovery, Software Discovery, Screen Capture, Clear Persistence, Masquerading, File Deletion

References

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

RTM

Associated Group Descriptions

Techniques Used

Software

References