Regin
Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | The Regin malware platform supports many standard protocols, including HTTP and HTTPS.(Citation: Kaspersky Regin) |
Enterprise | T1564.004 | Hide Artifacts: NTFS File Attributes | The Regin malware platform uses Extended Attributes to store encrypted executables.(Citation: Kaspersky Regin) |
Enterprise | T1564.005 | Hide Artifacts: Hidden File System | Regin has used a hidden file system to store some of its components.(Citation: Kaspersky Regin) |
Enterprise | T1056.001 | Input Capture: Keylogging | Regin contains a keylogger.(Citation: Kaspersky Regin) |
Enterprise | T1036.001 | Masquerading: Invalid Code Signature | Regin stage 1 modules for 64-bit systems have been found to be signed with fake certificates masquerading as originating from Microsoft Corporation and Broadcom Corporation.(Citation: Kaspersky Regin) |
Enterprise | T1090.002 | Proxy: External Proxy | Regin leveraged several compromised universities as proxies to obscure its origin.(Citation: Kaspersky Regin) |
Enterprise | T1021.002 | Remote Services: SMB/Windows Admin Shares | The Regin malware platform can use Windows admin shares to move laterally.(Citation: Kaspersky Regin) |