Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

Malteiro

Malteiro is a financially motivated criminal group that is likely based in Brazil and has been active since at least November 2019. The group operates and distributes the Mispadu banking trojan via a Malware-as-a-Service (MaaS) business model. Malteiro mainly targets victims throughout Latin America (particularly Mexico) and Europe (particularly Spain and Portugal).(Citation: SCILabs Malteiro 2021)

ID: G1026

Associated Groups:

Created: 13 Mar 2024

Last Modified: 29 Mar 2024

Name	Description
Associated Group Descriptions

Domain	ID		Name	Use
Techniques Used
Enterprise	T1059	.005	Command and Scripting Interpreter: Visual Basic	Malteiro has utilized a dropper containing malicious VBS scripts.(Citation: SCILabs Malteiro 2021)
Enterprise	T1555	.003	Credentials from Password Stores: Credentials from Web Browsers	Malteiro has stolen credentials stored in the victim’s browsers via software tool NirSoft WebBrowserPassView.(Citation: SCILabs Malteiro 2021)
Enterprise	T1027	.013	Obfuscated Files or Information: Encrypted/Encoded File	Malteiro has used scripts encoded in Base64 certificates to distribute malware to victims.(Citation: SCILabs Malteiro Threat Overlap 2023)
Enterprise	T1566	.001	Phishing: Spearphishing Attachment	Malteiro has sent spearphishing emails containing malicious .zip files.(Citation: SCILabs Malteiro 2021)
Enterprise	T1055	.001	Process Injection: Dynamic-link Library Injection	Malteiro has injected Mispadu’s DLL into a process.(Citation: SCILabs Malteiro 2021)
Enterprise	T1518	.001	Software Discovery: Security Software Discovery	Malteiro collects the installed antivirus on the victim machine.(Citation: SCILabs Malteiro 2021)
Enterprise	T1614	.001	System Location Discovery: System Language Discovery	Malteiro will terminate Mispadu's infection process if the language of the victim machine is not Spanish or Portuguese.(Citation: SCILabs Malteiro 2021)
Enterprise	T1204	.002	User Execution: Malicious File	Malteiro has relied on users to execute .zip file attachments containing malicious URLs.(Citation: SCILabs Malteiro 2021)

ID	Name	References	Techniques
Software
S1122	Mispadu	(Citation: ESET Security Mispadu Facebook Ads 2019) (Citation: SCILabs Malteiro 2021) (Citation: SCILabs URSA/Mispadu Evolution 2023) (Citation: Segurança Informática URSA Sophisticated Loader 2020)	Deobfuscate/Decode Files or Information, Credentials from Web Browsers, Screen Capture, Msiexec, System Language Discovery, Browser Extensions, Browser Information Discovery, Spearphishing Link, System Information Discovery, Malicious File, Native API, Rundll32, Keylogging, Registry Run Keys / Startup Folder, Encrypted/Encoded File, Process Injection, Security Software Discovery, GUI Input Capture, Process Discovery, System Checks, File and Directory Discovery, Exfiltration Over C2 Channel, Asymmetric Cryptography, Clipboard Data, Credentials from Password Stores, Visual Basic

References

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

Malteiro

Associated Group Descriptions

Techniques Used

Software

References