Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

SilverTerrier

SilverTerrier is a Nigerian threat group that has been seen active since 2014. SilverTerrier mainly targets organizations in high technology, higher education, and manufacturing.(Citation: Unit42 SilverTerrier 2018)(Citation: Unit42 SilverTerrier 2016)
ID: G0083
Associated Groups: 
Version: 1.2
Created: 29 Jan 2019
Last Modified: 27 Sep 2023

Associated Group Descriptions

Name Description

Techniques Used

Domain ID Name Use
Enterprise T1071 .001 Application Layer Protocol: Web Protocols

SilverTerrier uses HTTP for C2 communications.(Citation: Unit42 SilverTerrier 2018)

.002 Application Layer Protocol: File Transfer Protocols

SilverTerrier uses FTP for C2 communications.(Citation: Unit42 SilverTerrier 2018)

.003 Application Layer Protocol: Mail Protocols

SilverTerrier uses SMTP for C2 communications.(Citation: Unit42 SilverTerrier 2018)

Software

ID Name References Techniques
S0198 NETWIRE (Citation: FireEye APT33 Sept 2017) (Citation: FireEye APT33 Webinar Sept 2017) (Citation: McAfee Netwire Mar 2015) (Citation: Unit42 SilverTerrier 2018) Proxy, Registry Run Keys / Startup Folder, Software Packing, Symmetric Cryptography, Archive via Custom Method, Malicious File, Malicious Link, Automated Collection, XDG Autostart Entries, Visual Basic, Obfuscated Files or Information, PowerShell, Process Injection, Cron, Fileless Storage, File and Directory Discovery, Process Discovery, Unix Shell, System Network Connections Discovery, Archive Collected Data, Credentials from Web Browsers, Spearphishing Link, Plist Modification, Credentials from Password Stores, Match Legitimate Name or Location, Web Service, Hidden Files and Directories, Application Window Discovery, Windows Command Shell, Invalid Code Signature, Keylogging, Native API, Scheduled Task, Screen Capture, Login Items, System Network Configuration Discovery, Web Protocols, Process Hollowing, Modify Registry, System Information Discovery, Spearphishing Attachment, Local Data Staging, Non-Application Layer Protocol, Encrypted Channel, Launch Agent, Ingress Tool Transfer
S0334 DarkComet (Citation: DarkKomet) (Citation: FYNLOS) (Citation: Fynloski) (Citation: Krademok) (Citation: Malwarebytes DarkComet March 2018) (Citation: TrendMicro DarkComet Sept 2014) (Citation: Unit42 SilverTerrier 2018) Command and Scripting Interpreter, Clipboard Data, Video Capture, System Information Discovery, Ingress Tool Transfer, Process Discovery, Windows Command Shell, Disable or Modify System Firewall, Remote Desktop Protocol, Registry Run Keys / Startup Folder, Web Protocols, Audio Capture, Disable or Modify Tools, Software Packing, Modify Registry, Keylogging, System Owner/User Discovery, Match Legitimate Name or Location
S0336 NanoCore (Citation: Cofense NanoCore Mar 2018) (Citation: DigiTrust NanoCore Jan 2017) (Citation: PaloAlto NanoCore Feb 2016) (Citation: Unit 42 Gorgon Group Aug 2018) (Citation: Unit42 SilverTerrier 2018) Ingress Tool Transfer, Windows Command Shell, System Network Configuration Discovery, Video Capture, Disable or Modify System Firewall, Obfuscated Files or Information, Audio Capture, Visual Basic, Keylogging, Modify Registry, Symmetric Cryptography, Disable or Modify Tools, Registry Run Keys / Startup Folder, Uncommonly Used Port
S0447 Lokibot (Citation: CISA Lokibot September 2020) (Citation: Infoblox Lokibot January 2019) (Citation: Morphisec Lokibot April 2020) (Citation: Talos Lokibot Jan 2021) (Citation: Unit42 SilverTerrier 2018) Visual Basic, Spearphishing Attachment, Software Packing, Obfuscated Files or Information, Deobfuscate/Decode Files or Information, Credentials from Password Stores, Reflective Code Loading, Process Hollowing, System Owner/User Discovery, File and Directory Discovery, Keylogging, Windows Command Shell, Modify Registry, Scheduled Task, Time Based Evasion, Exfiltration Over C2 Channel, Scheduled Task/Job, Bypass User Account Control, System Information Discovery, Native API, Hidden Files and Directories, PowerShell, System Network Configuration Discovery, File Deletion, Malicious File, Web Protocols, Ingress Tool Transfer, Credentials from Web Browsers
S0331 Agent Tesla (Citation: Bitdefender Agent Tesla April 2020) (Citation: DigiTrust Agent Tesla Jan 2017) (Citation: Fortinet Agent Tesla April 2018) (Citation: Malwarebytes Agent Tesla April 2020) (Citation: Talos Agent Tesla Oct 2018) (Citation: Unit42 SilverTerrier 2018) Process Injection, Virtualization/Sandbox Evasion, Clipboard Data, Spearphishing Attachment, Screen Capture, Local Account, Registry Run Keys / Startup Folder, Credentials In Files, Windows Management Instrumentation, Malicious File, Exploitation for Client Execution, System Network Configuration Discovery, Regsvcs/Regasm, System Time Discovery, System Owner/User Discovery, Ingress Tool Transfer, Process Discovery, Credentials from Web Browsers, Video Capture, Obfuscated Files or Information, Browser Session Hijacking, Web Protocols, Exfiltration Over Unencrypted Non-C2 Protocol, Hidden Window, Keylogging, Scheduled Task, Hidden Files and Directories, Deobfuscate/Decode Files or Information, Credentials from Password Stores, System Information Discovery, Disable or Modify Tools, Archive Collected Data, Mail Protocols, Modify Registry, Uncommonly Used Port, Process Hollowing, Credentials in Registry, Wi-Fi Discovery

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.