SilverTerrier

SilverTerrier is a Nigerian threat group that has been active since at least 2014. It mainly targets organizations in high technology, higher education, and manufacturing.(Citation: Unit42 SilverTerrier 2018)(Citation: Unit42 SilverTerrier 2016)
ID: G0083
Associated Groups: 
Version: 1.2
Created: 29 Jan 2019
Last Modified: 27 Sep 2023

Techniques Used

Domain ID Name Use
Enterprise T1071.001 Application Layer Protocol: Web Protocols
  SilverTerrier uses HTTP for C2 communications.(Citation: Unit42 SilverTerrier 2018)
Enterprise T1071.002 Application Layer Protocol: File Transfer Protocols
  SilverTerrier uses FTP for C2 communications.(Citation: Unit42 SilverTerrier 2018)
Enterprise T1071.003 Application Layer Protocol: Mail Protocols
  SilverTerrier uses SMTP for C2 communications.(Citation: Unit42 SilverTerrier 2018)
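All three techniques above are commodity application-layer channels, so the practical control is an egress policy: only designated relays should speak SMTP or FTP outbound, and HTTP to a bare IP with no hostname is worth a look. The following is an added example, not part of the ATT&CK entry or any Unit 42 report: it runs that policy over a few constructed key=value flow records. The record format, the host names, the allow-lists (MAIL_RELAYS, FTP_CLIENTS) and the port sets are all assumptions you would map to your own firewall or NetFlow export.

```python
"""Egress-policy check for the SilverTerrier C2 channels listed above:
HTTP (T1071.001), FTP (T1071.002) and SMTP (T1071.003).

Added example; the flow-record format, host names and allow-lists are
assumptions, not taken from the ATT&CK page or the cited reports.
"""
import ipaddress
import re
from collections import Counter

FIELD_RE = re.compile(r"(\w+)=(\S+)")

FTP_PORTS = {21}
SMTP_PORTS = {25, 465, 587}
HTTP_PORTS = {80, 8080}

# Assumed allow-lists: the only hosts expected to use these protocols outbound.
MAIL_RELAYS = {"mail-relay-01"}
FTP_CLIENTS: set = set()  # no endpoint in this constructed estate should use FTP

# Constructed sample flows (assumption: one record per line, key=value fields).
SAMPLE_FLOWS = """\
ts=2023-09-27T10:01:02Z src=10.20.30.41 dst=203.0.113.7 dport=21 proto=tcp host=workstation-41
ts=2023-09-27T10:01:05Z src=10.20.30.41 dst=203.0.113.7 dport=25 proto=tcp host=workstation-41
ts=2023-09-27T10:01:09Z src=10.20.30.41 dst=198.51.100.9 dport=80 proto=tcp host=workstation-41 http_host=198.51.100.9
ts=2023-09-27T10:02:00Z src=10.20.1.5 dst=198.51.100.20 dport=25 proto=tcp host=mail-relay-01
ts=2023-09-27T10:02:30Z src=10.20.30.42 dst=93.184.216.34 dport=443 proto=tcp host=workstation-42 http_host=example.com
ts=2023-09-27T10:03:00Z src=10.20.30.42 dst=198.51.100.9 dport=587 proto=tcp host=workstation-42
"""


def parse_flow(line: str) -> dict:
    """Turn one key=value record into a dict; dport becomes an int."""
    rec = dict(FIELD_RE.findall(line))
    if "dport" in rec:
        rec["dport"] = int(rec["dport"])
    return rec


def is_bare_ip(value: str) -> bool:
    """True when an HTTP Host header is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_flows(lines, mail_relays=MAIL_RELAYS, ftp_clients=FTP_CLIENTS) -> list:
    """Apply the egress policy; return one finding dict per violating flow."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_flow(line)
        host, dport = rec.get("host", "?"), rec.get("dport")
        technique = reason = None
        if dport in FTP_PORTS and host not in ftp_clients:
            technique, reason = "T1071.002", "outbound FTP from a host not allowed to use FTP"
        elif dport in SMTP_PORTS and host not in mail_relays:
            technique, reason = "T1071.003", "outbound SMTP from a host that is not a mail relay"
        elif dport in HTTP_PORTS and is_bare_ip(rec.get("http_host", "")):
            # Weaker signal than the two above: legitimate software does this too.
            technique, reason = "T1071.001", "HTTP to a bare IP address with no hostname"
        if technique:
            findings.append({"host": host, "dst": rec.get("dst"), "dport": dport,
                             "technique": technique, "reason": reason})
    return findings


def summarize(findings) -> Counter:
    """Count findings per source host so the noisiest endpoint surfaces first."""
    return Counter(f["host"] for f in findings)


if __name__ == "__main__":
    hits = check_flows(SAMPLE_FLOWS.splitlines())
    for f in hits:
        print(f"{f['host']} -> {f['dst']}:{f['dport']}  {f['technique']}  {f['reason']}")
    print(summarize(hits).most_common())
```

The mail-relay flow on port 25 produces no finding because the relay is allow-listed; everything a workstation does on 21, 25 or 587 does. Treat the bare-IP HTTP rule as triage input rather than an alert on its own, and extend the allow-lists before deploying, since a false positive on your real relays will quickly get the rule disabled.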

Software

ID Name References Techniques

S0198 NETWIRE
  References: (Citation: FireEye APT33 Sept 2017) (Citation: FireEye APT33 Webinar Sept 2017) (Citation: McAfee Netwire Mar 2015) (Citation: Unit42 SilverTerrier 2018)
  Techniques: Scheduled Task, Screen Capture, Fileless Storage, Keylogging, Archive via Custom Method, Local Data Staging, Match Legitimate Resource Name or Location, Malicious File, Symmetric Cryptography, Cron, Spearphishing Link, Spearphishing Attachment, Automated Collection, System Information Discovery, Native API, Credentials from Password Stores, Process Injection, Application Window Discovery, Archive Collected Data, Modify Registry, Credentials from Web Browsers, Plist Modification, System Network Configuration Discovery, Proxy, File and Directory Discovery, System Network Connections Discovery, Web Service, Login Items, Process Discovery, PowerShell, Registry Run Keys / Startup Folder, Unix Shell, Process Hollowing, Obfuscated Files or Information, Invalid Code Signature, Encrypted Channel, Non-Application Layer Protocol, Launch Agent, Windows Command Shell, Software Packing, Web Protocols, Visual Basic, XDG Autostart Entries, Ingress Tool Transfer, Hidden Files and Directories, Malicious Link

S0334 DarkComet
  References: (Citation: DarkKomet) (Citation: FYNLOS) (Citation: Fynloski) (Citation: Krademok) (Citation: Malwarebytes DarkComet March 2018) (Citation: TrendMicro DarkComet Sept 2014) (Citation: Unit42 SilverTerrier 2018)
  Techniques: System Owner/User Discovery, Keylogging, Audio Capture, Match Legitimate Resource Name or Location, Clipboard Data, System Information Discovery, Disable or Modify System Firewall, Modify Registry, Video Capture, Command and Scripting Interpreter, Process Discovery, Registry Run Keys / Startup Folder, Disable or Modify Tools, Windows Command Shell, Software Packing, Web Protocols, Ingress Tool Transfer, Remote Desktop Protocol

S0336 NanoCore
  References: (Citation: Cofense NanoCore Mar 2018) (Citation: DigiTrust NanoCore Jan 2017) (Citation: PaloAlto NanoCore Feb 2016) (Citation: Unit 42 Gorgon Group Aug 2018) (Citation: Unit42 SilverTerrier 2018)
  Techniques: Keylogging, Audio Capture, Symmetric Cryptography, Disable or Modify System Firewall, Modify Registry, Video Capture, System Network Configuration Discovery, Registry Run Keys / Startup Folder, Disable or Modify Tools, Obfuscated Files or Information, Uncommonly Used Port, Windows Command Shell, Visual Basic, Ingress Tool Transfer

S0447 Lokibot
  References: (Citation: CISA Lokibot September 2020) (Citation: Infoblox Lokibot January 2019) (Citation: Morphisec Lokibot April 2020) (Citation: Talos Lokibot Jan 2021) (Citation: Unit42 SilverTerrier 2018)
  Techniques: Scheduled Task, System Owner/User Discovery, Keylogging, Bypass User Account Control, Malicious File, Spearphishing Attachment, System Information Discovery, Scheduled Task/Job, Native API, Deobfuscate/Decode Files or Information, Credentials from Password Stores, Reflective Code Loading, Time Based Evasion, Modify Registry, Credentials from Web Browsers, System Network Configuration Discovery, File and Directory Discovery, Exfiltration Over C2 Channel, PowerShell, Process Hollowing, Obfuscated Files or Information, Windows Command Shell, File Deletion, Software Packing, Web Protocols, Visual Basic, Ingress Tool Transfer, Hidden Files and Directories

S0331 Agent Tesla
  References: (Citation: Bitdefender Agent Tesla April 2020) (Citation: DigiTrust Agent Tesla Jan 2017) (Citation: Fortinet Agent Tesla April 2018) (Citation: Malwarebytes Agent Tesla April 2020) (Citation: Talos Agent Tesla Oct 2018) (Citation: Unit42 SilverTerrier 2018)
  Techniques: Scheduled Task, Windows Management Instrumentation, Screen Capture, System Owner/User Discovery, Keylogging, Malicious File, Local Account, Spearphishing Attachment, Clipboard Data, Credentials in Registry, System Information Discovery, Deobfuscate/Decode Files or Information, Credentials from Password Stores, Process Injection, Wi-Fi Discovery, Archive Collected Data, Browser Session Hijacking, Mail Protocols, Modify Registry, Credentials from Web Browsers, Video Capture, System Network Configuration Discovery, Virtualization/Sandbox Evasion, Credentials In Files, Process Discovery, Registry Run Keys / Startup Folder, Disable or Modify Tools, Process Hollowing, Obfuscated Files or Information, Exploitation for Client Execution, Regsvcs/Regasm, Uncommonly Used Port, Hidden Window, Web Protocols, Ingress Tool Transfer, Hidden Files and Directories, System Time Discovery, Exfiltration Over Unencrypted Non-C2 Protocol
