Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

Malteiro

Malteiro is a financially motivated criminal group that is likely based in Brazil and has been active since at least November 2019. The group operates and distributes the Mispadu banking trojan via a Malware-as-a-Service (MaaS) business model. Malteiro mainly targets victims throughout Latin America (particularly Mexico) and Europe (particularly Spain and Portugal).(Citation: SCILabs Malteiro 2021)

ID: G1026

Associated Groups:

Version: 1.0

Created: 13 Mar 2024

Last Modified: 29 Mar 2024

Name	Description
Associated Group Descriptions

Domain	ID		Name	Use
Techniques Used
Enterprise	T1059	.005	Command and Scripting Interpreter: Visual Basic	Malteiro has utilized a dropper containing malicious VBS scripts.(Citation: SCILabs Malteiro 2021)
Enterprise	T1555	.003	Credentials from Password Stores: Credentials from Web Browsers	Malteiro has stolen credentials stored in the victim’s browsers via software tool NirSoft WebBrowserPassView.(Citation: SCILabs Malteiro 2021)
Enterprise	T1027	.013	Obfuscated Files or Information: Encrypted/Encoded File	Malteiro has used scripts encoded in Base64 certificates to distribute malware to victims.(Citation: SCILabs Malteiro Threat Overlap 2023)
Enterprise	T1566	.001	Phishing: Spearphishing Attachment	Malteiro has sent spearphishing emails containing malicious .zip files.(Citation: SCILabs Malteiro 2021)
Enterprise	T1055	.001	Process Injection: Dynamic-link Library Injection	Malteiro has injected Mispadu’s DLL into a process.(Citation: SCILabs Malteiro 2021)
Enterprise	T1518	.001	Software Discovery: Security Software Discovery	Malteiro collects the installed antivirus on the victim machine.(Citation: SCILabs Malteiro 2021)
Enterprise	T1614	.001	System Location Discovery: System Language Discovery	Malteiro will terminate Mispadu's infection process if the language of the victim machine is not Spanish or Portuguese.(Citation: SCILabs Malteiro 2021)
Enterprise	T1204	.002	User Execution: Malicious File	Malteiro has relied on users to execute .zip file attachments containing malicious URLs.(Citation: SCILabs Malteiro 2021)

ID	Name	References	Techniques
Software
S1122	Mispadu	(Citation: ESET Security Mispadu Facebook Ads 2019) (Citation: SCILabs Malteiro 2021) (Citation: SCILabs URSA/Mispadu Evolution 2023) (Citation: Segurança Informática URSA Sophisticated Loader 2020)	Screen Capture, Rundll32, Keylogging, Encrypted/Encoded File, Malicious File, Browser Extensions, System Checks, Spearphishing Link, Clipboard Data, System Information Discovery, Msiexec, Native API, Deobfuscate/Decode Files or Information, Credentials from Password Stores, Process Injection, Credentials from Web Browsers, Browser Information Discovery, File and Directory Discovery, Process Discovery, Exfiltration Over C2 Channel, Registry Run Keys / Startup Folder, GUI Input Capture, Asymmetric Cryptography, System Language Discovery, Security Software Discovery, Visual Basic

References

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

Malteiro

Associated Group Descriptions

Techniques Used

Software

References