Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

The White Company

The White Company is a likely state-sponsored threat actor with advanced capabilities. From 2017 through 2018, the group led an espionage campaign called Operation Shaheen targeting government and military organizations in Pakistan.(Citation: Cylance Shaheen Nov 2018)
ID: G0089
Associated Groups: 
Version: 1.1
Created: 02 May 2019
Last Modified: 30 Mar 2020

Associated Group Descriptions

Name Description

Techniques Used

Domain ID Name Use
Enterprise T1070 .004 Indicator Removal: File Deletion

The White Company has the ability to delete its malware entirely from the target system.(Citation: Cylance Shaheen Nov 2018)

Enterprise T1027 .002 Obfuscated Files or Information: Software Packing

The White Company has obfuscated their payloads through packing.(Citation: Cylance Shaheen Nov 2018)

Enterprise T1566 .001 Phishing: Spearphishing Attachment

The White Company has sent phishing emails with malicious Microsoft Word attachments to victims.(Citation: Cylance Shaheen Nov 2018)

Enterprise T1518 .001 Software Discovery: Security Software Discovery

The White Company has checked for specific antivirus products on the target’s computer, including Kaspersky, Quick Heal, AVG, BitDefender, Avira, Sophos, Avast!, and ESET.(Citation: Cylance Shaheen Nov 2018)

Enterprise T1204 .002 User Execution: Malicious File

The White Company has used phishing lure documents that trick users into opening them and infecting their computers.(Citation: Cylance Shaheen Nov 2018)

Software

ID Name References Techniques
S0198 NETWIRE (Citation: Cylance Shaheen Nov 2018) (Citation: FireEye APT33 Sept 2017) (Citation: FireEye APT33 Webinar Sept 2017) (Citation: McAfee Netwire Mar 2015) Proxy, Registry Run Keys / Startup Folder, Software Packing, Symmetric Cryptography, Archive via Custom Method, Malicious File, Malicious Link, Automated Collection, XDG Autostart Entries, Visual Basic, Obfuscated Files or Information, PowerShell, Process Injection, Cron, Fileless Storage, File and Directory Discovery, Process Discovery, Unix Shell, System Network Connections Discovery, Archive Collected Data, Credentials from Web Browsers, Spearphishing Link, Plist Modification, Credentials from Password Stores, Match Legitimate Name or Location, Web Service, Hidden Files and Directories, Application Window Discovery, Windows Command Shell, Invalid Code Signature, Keylogging, Native API, Scheduled Task, Screen Capture, Login Items, System Network Configuration Discovery, Web Protocols, Process Hollowing, Modify Registry, System Information Discovery, Spearphishing Attachment, Local Data Staging, Non-Application Layer Protocol, Encrypted Channel, Launch Agent, Ingress Tool Transfer
S0379 Revenge RAT (Citation: Cofense RevengeRAT Feb 2019) (Citation: Cylance Shaheen Nov 2018) System Owner/User Discovery, Keylogging, Ingress Tool Transfer, OS Credential Dumping, Video Capture, Remote Desktop Protocol, System Information Discovery, Standard Encoding, Uncommonly Used Port, Bidirectional Communication, System Network Configuration Discovery, Mshta, Winlogon Helper DLL, Audio Capture, Windows Command Shell, PowerShell, Indirect Command Execution, Screen Capture, Scheduled Task

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.