
The White Company

The White Company is a likely state-sponsored threat actor with advanced capabilities. From 2017 through 2018, the group led an espionage campaign called Operation Shaheen targeting government and military organizations in Pakistan.(Citation: Cylance Shaheen Nov 2018)
ID: G0089
Associated Groups: 
Version: 1.1
Created: 02 May 2019
Last Modified: 30 Mar 2020

Associated Group Descriptions

Name Description

Techniques Used

Domain ID Name Use
Enterprise T1070.004 Indicator Removal: File Deletion

The White Company has the ability to delete its malware entirely from the target system.(Citation: Cylance Shaheen Nov 2018)

Enterprise T1027.002 Obfuscated Files or Information: Software Packing

The White Company has obfuscated their payloads through packing.(Citation: Cylance Shaheen Nov 2018)

Enterprise T1566.001 Phishing: Spearphishing Attachment

The White Company has sent phishing emails with malicious Microsoft Word attachments to victims.(Citation: Cylance Shaheen Nov 2018)

Enterprise T1518.001 Software Discovery: Security Software Discovery

The White Company has checked for specific antivirus products on the target’s computer, including Kaspersky, Quick Heal, AVG, BitDefender, Avira, Sophos, Avast!, and ESET.(Citation: Cylance Shaheen Nov 2018)

Enterprise T1204.002 User Execution: Malicious File

The White Company has used phishing lure documents that trick users into opening them and infecting their computers.(Citation: Cylance Shaheen Nov 2018)

Software

ID Name References Techniques
S0198 NETWIRE (Citation: Cylance Shaheen Nov 2018) (Citation: FireEye APT33 Sept 2017) (Citation: FireEye APT33 Webinar Sept 2017) (Citation: McAfee Netwire Mar 2015) Proxy, Registry Run Keys / Startup Folder, Software Packing, Symmetric Cryptography, Archive via Custom Method, Malicious File, Malicious Link, Automated Collection, XDG Autostart Entries, Visual Basic, Obfuscated Files or Information, PowerShell, Process Injection, Cron, File and Directory Discovery, Process Discovery, Unix Shell, System Network Connections Discovery, Archive Collected Data, Credentials from Web Browsers, Spearphishing Link, Plist Modification, Credentials from Password Stores, Match Legitimate Name or Location, Web Service, Hidden Files and Directories, Application Window Discovery, Windows Command Shell, Invalid Code Signature, Keylogging, Native API, Scheduled Task, Screen Capture, Login Items, System Network Configuration Discovery, Web Protocols, Process Hollowing, Modify Registry, System Information Discovery, Spearphishing Attachment, Local Data Staging, Non-Application Layer Protocol, Encrypted Channel, Launch Agent, Ingress Tool Transfer
S0379 Revenge RAT (Citation: Cofense RevengeRAT Feb 2019) (Citation: Cylance Shaheen Nov 2018) System Owner/User Discovery, Keylogging, Ingress Tool Transfer, OS Credential Dumping, Video Capture, Remote Desktop Protocol, System Information Discovery, Standard Encoding, Uncommonly Used Port, Bidirectional Communication, System Network Configuration Discovery, Mshta, Registry Run Keys / Startup Folder, Audio Capture, Windows Command Shell, PowerShell, Indirect Command Execution, Screen Capture, Scheduled Task
