
IndigoZebra

IndigoZebra is a suspected Chinese cyber espionage group that has been targeting Central Asian governments since at least 2014.(Citation: HackerNews IndigoZebra July 2021)(Citation: Checkpoint IndigoZebra July 2021)(Citation: Securelist APT Trends Q2 2017)
ID: G0136
Associated Groups: 
Version: 1.0
Created: 24 Sep 2021
Last Modified: 16 Oct 2021

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1583.001 | Acquire Infrastructure: Domains | IndigoZebra has established domains, some of which were designed to look like official government domains, for their operations.(Citation: Checkpoint IndigoZebra July 2021) |
| Enterprise | T1583.006 | Acquire Infrastructure: Web Services | IndigoZebra created Dropbox accounts for their operations.(Citation: HackerNews IndigoZebra July 2021)(Citation: Checkpoint IndigoZebra July 2021) |
| Enterprise | T1586.002 | Compromise Accounts: Email Accounts | IndigoZebra has compromised legitimate email accounts to use in their spearphishing operations.(Citation: Checkpoint IndigoZebra July 2021) |
| Enterprise | T1588.002 | Obtain Capabilities: Tool | IndigoZebra has acquired open source tools such as NBTscan and Meterpreter for their operations.(Citation: Checkpoint IndigoZebra July 2021)(Citation: Securelist APT Trends Q2 2017) |
| Enterprise | T1566.001 | Phishing: Spearphishing Attachment | IndigoZebra sent spearphishing emails containing malicious password-protected RAR attachments.(Citation: HackerNews IndigoZebra July 2021)(Citation: Checkpoint IndigoZebra July 2021) |
| Enterprise | T1204.002 | User Execution: Malicious File | IndigoZebra sent spearphishing emails containing malicious attachments that urged recipients to review modifications in the file which would trigger the attack.(Citation: HackerNews IndigoZebra July 2021) |
