Sharpshooter
Associated Group Descriptions |
|
Name | Description |
---|---|
Techniques Used |
||||
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1547 | .001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder |
Sharpshooter's first-stage downloader installed Rising Sun to the startup folder |
Enterprise | T1059 | .005 | Command and Scripting Interpreter: Visual Basic |
Sharpshooter's first-stage downloader was a VBA macro.(Citation: McAfee Sharpshooter December 2018) |
Enterprise | T1559 | .002 | Inter-Process Communication: Dynamic Data Exchange |
Sharpshooter has sent malicious Word OLE documents to victims.(Citation: McAfee Sharpshooter December 2018) |
Enterprise | T1566 | .001 | Phishing: Spearphishing Attachment |
Sharpshooter has sent malicious attachments via emails to targets.(Citation: McAfee Sharpshooter December 2018) |
Enterprise | T1204 | .002 | User Execution: Malicious File |
Sharpshooter has sent malicious DOC and PDF files to targets so that they can be opened by a user.(Citation: McAfee Sharpshooter December 2018) |
Software |
|||
ID | Name | References | Techniques |
---|---|---|---|
S0448 | Rising Sun | (Citation: McAfee Sharpshooter December 2018) | File Deletion, Data from Local System, System Owner/User Discovery, Archive via Custom Method, Deobfuscate/Decode Files or Information, System Information Discovery, Encrypted/Encoded File, Web Protocols, Indicator Removal, Process Discovery, Asymmetric Cryptography, Exfiltration Over C2 Channel, Internet Connection Discovery, Windows Command Shell, File and Directory Discovery, Query Registry, Native API, Hidden Files and Directories, System Network Configuration Discovery |
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.