Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

IndigoZebra

IndigoZebra is a suspected Chinese cyber espionage group that has been targeting Central Asian governments since at least 2014.(Citation: HackerNews IndigoZebra July 2021)(Citation: Checkpoint IndigoZebra July 2021)(Citation: Securelist APT Trends Q2 2017)

ID: G0136

Associated Groups:

Version: 1.0

Created: 24 Sep 2021

Last Modified: 25 Apr 2025

Name	Description
Associated Group Descriptions

Domain	ID		Name	Use
Techniques Used
Enterprise	T1583	.001	Acquire Infrastructure: Domains	IndigoZebra has established domains, some of which were designed to look like official government domains, for their operations.(Citation: Checkpoint IndigoZebra July 2021)
		.006	Acquire Infrastructure: Web Services	IndigoZebra created Dropbox accounts for their operations.(Citation: HackerNews IndigoZebra July 2021)(Citation: Checkpoint IndigoZebra July 2021)
Enterprise	T1586	.002	Compromise Accounts: Email Accounts	IndigoZebra has compromised legitimate email accounts to use in their spearphishing operations.(Citation: Checkpoint IndigoZebra July 2021)
Enterprise	T1588	.002	Obtain Capabilities: Tool	IndigoZebra has acquired open source tools such as NBTscan and Meterpreter for their operations.(Citation: Checkpoint IndigoZebra July 2021)(Citation: Securelist APT Trends Q2 2017)
Enterprise	T1566	.001	Phishing: Spearphishing Attachment	IndigoZebra sent spearphishing emails containing malicious password-protected RAR attachments.(Citation: HackerNews IndigoZebra July 2021)(Citation: Checkpoint IndigoZebra July 2021)
Enterprise	T1204	.002	User Execution: Malicious File	IndigoZebra sent spearphishing emails containing malicious attachments that urged recipients to review modifications in the file which would trigger the attack.(Citation: HackerNews IndigoZebra July 2021)

ID	Name	References	Techniques
Software
S0653	xCaon	(Citation: Checkpoint IndigoZebra July 2021) (Citation: Securelist APT Trends Q2 2017)	Standard Encoding, Boot or Logon Autostart Execution, Symmetric Cryptography, Native API, Data from Local System, Deobfuscate/Decode Files or Information, System Network Configuration Discovery, Security Software Discovery, Windows Command Shell, Web Protocols, Ingress Tool Transfer
S0651	BoxCaon	(Citation: Checkpoint IndigoZebra July 2021) (Citation: HackerNews IndigoZebra July 2021)	Local Data Staging, Boot or Logon Autostart Execution, Native API, Data from Local System, System Network Configuration Discovery, File and Directory Discovery, Exfiltration Over C2 Channel, Obfuscated Files or Information, Bidirectional Communication, Exfiltration to Cloud Storage, Windows Command Shell, Ingress Tool Transfer
S0012	PoisonIvy	(Citation: Breut) (Citation: Darkmoon) (Citation: FireEye Poison Ivy) (Citation: Novetta-Axiom) (Citation: Poison Ivy) (Citation: Securelist APT Trends Q2 2017) (Citation: Symantec Darkmoon Aug 2005) (Citation: Symantec Darkmoon Sept 2014) (Citation: Symantec Elderwood Sept 2012)	Keylogging, Rootkit, Local Data Staging, Active Setup, Symmetric Cryptography, Windows Service, Data from Local System, Mutual Exclusion, Application Window Discovery, Modify Registry, Registry Run Keys / Startup Folder, Obfuscated Files or Information, Uncommonly Used Port, Windows Command Shell, Ingress Tool Transfer, Dynamic-link Library Injection

References

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

IndigoZebra

Associated Group Descriptions

Techniques Used

Software

References