Cервис управления информационной безопасностью
Cервис управления информационной безопасностью
Вход Регистрация
MITRE ATT&CK - Инструмент Dyre
Каталоги
MITRE ATT&CK
БДУ ФСТЭК
Новая БДУ ФСТЭК
Риски
Каталоги
MITRE ATT&CK
Инструмент
Dyre
Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.
Подробнее
Наш канал

Dyre

Dyre is a banking Trojan that has been used for financial gain. (Citation: Symantec Dyre June 2015)(Citation: Malwarebytes Dyreza November 2015)
ID: S0024
Associated Software: Dyzap Dyreza
Type: MALWARE
Platforms: Windows
Version: 1.2
Created: 31 May 2017
Last Modified: 22 Jun 2020

Associated Software Descriptions
Name Description
Dyzap (Citation: Sophos Dyreza April 2015)
Dyreza (Citation: Sophos Dyreza April 2015)

Techniques Used
Domain ID Name Use
Enterprise T1071 .001 Application Layer Protocol: Web Protocols

Dyre uses HTTPS for C2 communications.(Citation: Symantec Dyre June 2015)(Citation: Malwarebytes Dyreza November 2015)

Enterprise T1543 .003 Create or Modify System Process: Windows Service

Dyre registers itself as a service by adding several Registry keys.(Citation: Symantec Dyre June 2015)
Enterprise T1074 .001 Data Staged: Local Data Staging

Dyre has the ability to create files in a TEMP folder to act as a database to store information.(Citation: Malwarebytes Dyreza November 2015)
Enterprise T1027 .002 Obfuscated Files or Information: Software Packing

Dyre has been delivered with encrypted resources and must be unpacked for execution.(Citation: Malwarebytes Dyreza November 2015)
Enterprise T1055 .001 Process Injection: Dynamic-link Library Injection

Dyre injects into other processes to load modules.(Citation: Symantec Dyre June 2015)
Enterprise T1053 .005 Scheduled Task/Job: Scheduled Task

Dyre has the ability to achieve persistence by adding a new task in the task scheduler to run every minute.(Citation: Malwarebytes Dyreza November 2015)
Enterprise T1497 .001 Virtualization/Sandbox Evasion: System Checks

Dyre can detect sandbox analysis environments by inspecting the process list and Registry.(Citation: Symantec Dyre June 2015)(Citation: Malwarebytes Dyreza November 2015)

Groups That Use This Software
ID Name References
G0102 Wizard Spider

(Citation: Forbes Dyre May 2017) (Citation: CrowdStrike Wizard Spider March 2019) (Citation: Malwarebytes TrickBot Sep 2019)

References

  1. Symantec Security Response. (2015, June 23). Dyre: Emerging threat on financial fraud landscape. Retrieved August 23, 2018.
  2. hasherezade. (2015, November 4). A Technical Look At Dyreza. Retrieved June 15, 2020.
  3. Ducklin, P. (2015, April 20). Notes from SophosLabs: Dyreza, the malware that discriminates against old computers. Retrieved June 16, 2020.
  4. Brewster, T. (2017, May 4). https://www.forbes.com/sites/thomasbrewster/2017/05/04/dyre-hackers-stealing-millions-from-american-coporates/#601c77842a0a. Retrieved June 15, 2020.
  5. Feeley, B. and Stone-Gross, B. (2019, March 20). New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration. Retrieved June 15, 2020.
  6. Umawing, J. (2019, September 3). TrickBot adds new trick to its arsenal: tampering with trusted texts. Retrieved June 15, 2020.
Навигация

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.