MITRE ATT&CK - Преступная группа Sharpshooter

Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

Наш канал

Sharpshooter

Operation Sharpshooter is the name of a cyber espionage campaign discovered in October 2018 targeting nuclear, defense, energy, and financial companies. Though overlaps between this adversary and Lazarus Group have been noted, definitive links have not been established.(Citation: McAfee Sharpshooter December 2018)

ID: G0104

Associated Groups:

Version: 1.0

Created: 14 May 2020

Last Modified: 26 Sep 2022

Name	Description
Associated Group Descriptions

Domain	ID		Name	Use
Techniques Used
Enterprise	T1547	.001	Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder	Sharpshooter's first-stage downloader installed Rising Sun to the startup folder `%Startup%\mssync.exe`.(Citation: McAfee Sharpshooter December 2018)
Enterprise	T1059	.005	Command and Scripting Interpreter: Visual Basic	Sharpshooter's first-stage downloader was a VBA macro.(Citation: McAfee Sharpshooter December 2018)
Enterprise	T1559	.002	Inter-Process Communication: Dynamic Data Exchange	Sharpshooter has sent malicious Word OLE documents to victims.(Citation: McAfee Sharpshooter December 2018)
Enterprise	T1566	.001	Phishing: Spearphishing Attachment	Sharpshooter has sent malicious attachments via emails to targets.(Citation: McAfee Sharpshooter December 2018)
Enterprise	T1204	.002	User Execution: Malicious File	Sharpshooter has sent malicious DOC and PDF files to targets so that they can be opened by a user.(Citation: McAfee Sharpshooter December 2018)

ID	Name	References	Techniques
Software
S0448	Rising Sun	(Citation: McAfee Sharpshooter December 2018)	File Deletion, Data from Local System, System Owner/User Discovery, Archive via Custom Method, Deobfuscate/Decode Files or Information, System Information Discovery, Obfuscated Files or Information, Web Protocols, Indicator Removal, Process Discovery, Asymmetric Cryptography, Exfiltration Over C2 Channel, Internet Connection Discovery, Windows Command Shell, File and Directory Discovery, Query Registry, Native API, Hidden Files and Directories, System Network Configuration Discovery

References

Sherstobitoff, R., Malhotra, A., et. al.. (2018, December 18). Operation Sharpshooter Campaign Targets Global Defense, Critical Infrastructure. Retrieved May 14, 2020.

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

Sharpshooter

Associated Group Descriptions

Techniques Used

Software

References