The White Company

The White Company is a likely state-sponsored threat actor with advanced capabilities. From 2017 through 2018, the group led an espionage campaign called Operation Shaheen targeting government and military organizations in Pakistan.(Citation: Cylance Shaheen Nov 2018)
ID: G0089
Associated Groups: 
Version: 1.1
Created: 02 May 2019
Last Modified: 25 Apr 2025

Associated Group Descriptions

Name Description

Techniques Used

Domain ID Name Use
Enterprise T1070 .004 Indicator Removal: File Deletion

The White Company has the ability to delete its malware entirely from the target system.(Citation: Cylance Shaheen Nov 2018)

Enterprise T1027 .002 Obfuscated Files or Information: Software Packing

The White Company has obfuscated their payloads through packing.(Citation: Cylance Shaheen Nov 2018)

Enterprise T1566 .001 Phishing: Spearphishing Attachment

The White Company has sent phishing emails with malicious Microsoft Word attachments to victims.(Citation: Cylance Shaheen Nov 2018)

Enterprise T1518 .001 Software Discovery: Security Software Discovery

The White Company has checked for specific antivirus products on the target’s computer, including Kaspersky, Quick Heal, AVG, BitDefender, Avira, Sophos, Avast!, and ESET.(Citation: Cylance Shaheen Nov 2018)

Enterprise T1204 .002 User Execution: Malicious File

The White Company has used phishing lure documents that trick users into opening them and infecting their computers.(Citation: Cylance Shaheen Nov 2018)

Software

ID Name References Techniques
S0198 NETWIRE (Citation: Cylance Shaheen Nov 2018) (Citation: FireEye APT33 Sept 2017) (Citation: FireEye APT33 Webinar Sept 2017) (Citation: McAfee Netwire Mar 2015) Scheduled Task, Screen Capture, Fileless Storage, Keylogging, Archive via Custom Method, Local Data Staging, Match Legitimate Resource Name or Location, Malicious File, Symmetric Cryptography, Cron, Spearphishing Link, Spearphishing Attachment, Automated Collection, System Information Discovery, Native API, Credentials from Password Stores, Process Injection, Application Window Discovery, Archive Collected Data, Modify Registry, Credentials from Web Browsers, Plist Modification, System Network Configuration Discovery, Proxy, File and Directory Discovery, System Network Connections Discovery, Web Service, Login Items, Process Discovery, PowerShell, Registry Run Keys / Startup Folder, Unix Shell, Process Hollowing, Obfuscated Files or Information, Invalid Code Signature, Encrypted Channel, Non-Application Layer Protocol, Launch Agent, Windows Command Shell, Software Packing, Web Protocols, Visual Basic, XDG Autostart Entries, Ingress Tool Transfer, Hidden Files and Directories, Malicious Link
S0379 Revenge RAT (Citation: Cofense RevengeRAT Feb 2019) (Citation: Cylance Shaheen Nov 2018) Scheduled Task, Screen Capture, System Owner/User Discovery, Standard Encoding, Keylogging, OS Credential Dumping, Audio Capture, System Information Discovery, Indirect Command Execution, Winlogon Helper DLL, Video Capture, System Network Configuration Discovery, Mshta, PowerShell, Bidirectional Communication, Uncommonly Used Port, Windows Command Shell, Ingress Tool Transfer, Remote Desktop Protocol