MITRE ATT&CK - Преступная группа APT-C-36

Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

Наш канал

APT-C-36

APT-C-36 is a suspected South America espionage group that has been active since at least 2018. The group mainly targets Colombian government institutions as well as important corporations in the financial sector, petroleum industry, and professional manufacturing.(Citation: QiAnXin APT-C-36 Feb2019)

ID: G0099

Associated Groups: Blind Eagle

Version: 1.1

Created: 05 May 2020

Last Modified: 26 May 2021

Name	Description
Associated Group Descriptions
Blind Eagle	(Citation: QiAnXin APT-C-36 Feb2019)

Domain	ID		Name	Use
Techniques Used
Enterprise	T1059	.005	Command and Scripting Interpreter: Visual Basic	APT-C-36 has embedded a VBScript within a malicious Word document which is executed upon the document opening.(Citation: QiAnXin APT-C-36 Feb2019)
Enterprise	T1036	.004	Masquerading: Masquerade Task or Service	APT-C-36 has disguised its scheduled tasks as those used by Google.(Citation: QiAnXin APT-C-36 Feb2019)
Enterprise	T1588	.002	Obtain Capabilities: Tool	APT-C-36 obtained and used a modified variant of Imminent Monitor.(Citation: QiAnXin APT-C-36 Feb2019)
Enterprise	T1566	.001	Phishing: Spearphishing Attachment	APT-C-36 has used spearphishing emails with password protected RAR attachment to avoid being detected by the email gateway.(Citation: QiAnXin APT-C-36 Feb2019)
Enterprise	T1053	.005	Scheduled Task/Job: Scheduled Task	APT-C-36 has used a macro function to set scheduled tasks, disguised as those used by Google.(Citation: QiAnXin APT-C-36 Feb2019)
Enterprise	T1204	.002	User Execution: Malicious File	APT-C-36 has prompted victims to accept macros in order to execute the subsequent payload.(Citation: QiAnXin APT-C-36 Feb2019)

ID	Name	References	Techniques
Software
S0434	Imminent Monitor	(Citation: Imminent Unit42 Dec2019) (Citation: QiAnXin APT-C-36 Feb2019)	Native API, Credentials from Web Browsers, Deobfuscate/Decode Files or Information, Keylogging, File Deletion, Remote Desktop Protocol, Process Discovery, Command and Scripting Interpreter, Video Capture, Hidden Files and Directories, Resource Hijacking, Exfiltration Over C2 Channel, Audio Capture, Obfuscated Files or Information, File and Directory Discovery, Disable or Modify Tools

References

QiAnXin Threat Intelligence Center. (2019, February 18). APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations. Retrieved May 5, 2020.

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

APT-C-36

Associated Group Descriptions

Techniques Used

Software

References