Where am I?
SECURITM is an SGRC system that automates the processes of information security departments. SECURITM helps build and manage personal data information systems (ИСПДн), critical information infrastructure (КИИ), state information systems (ГИС), ISMS (СМИБ/СУИБ), and banking security systems.
SECURITM is also a place for security teams to exchange experience and work products.

Olympic Destroyer

Olympic Destroyer is malware that was used by Sandworm Team against the 2018 Winter Olympics, held in Pyeongchang, South Korea. The main purpose of the malware was to render infected computer systems inoperable. The malware leverages various native Windows utilities and API calls to carry out its destructive tasks. Olympic Destroyer has worm-like features to spread itself across a computer network in order to maximize its destructive impact.(Citation: Talos Olympic Destroyer 2018)(Citation: US District Court Indictment GRU Unit 74455 October 2020)
ID: S0365
Type: MALWARE
Platforms: Windows
Version: 2.0
Created: 25 Mar 2019
Last Modified: 23 Apr 2021

Techniques Used

Domain | ID | Name | Use
Enterprise | T1555.003 | Credentials from Password Stores: Credentials from Web Browsers

Olympic Destroyer contains a module that tries to obtain stored credentials from web browsers.(Citation: Talos Olympic Destroyer 2018)

Enterprise | T1070.001 | Indicator Removal: Clear Windows Event Logs

Olympic Destroyer will attempt to clear the System and Security event logs using wevtutil.(Citation: Talos Olympic Destroyer 2018)

Enterprise | T1003.001 | OS Credential Dumping: LSASS Memory

Olympic Destroyer contains a module that tries to obtain credentials from LSASS, similar to Mimikatz. These credentials are used with PsExec and Windows Management Instrumentation to help the malware propagate itself across a network.(Citation: Talos Olympic Destroyer 2018)

Enterprise | T1021.002 | Remote Services: SMB/Windows Admin Shares

Olympic Destroyer uses PsExec to interact with the ADMIN$ network share to execute commands on remote systems.(Citation: Talos Olympic Destroyer 2018)(Citation: PsExec Russinovich)

Enterprise | T1569.002 | System Services: Service Execution

Olympic Destroyer utilizes PsExec to help propagate itself across a network.(Citation: Talos Olympic Destroyer 2018)
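The five technique entries above (log clearing via wevtutil, LSASS access, executable drops to ADMIN$, and PsExec service installation) each leave a distinct trace in standard Windows telemetry. The following is an added detection sketch written for this page; it is not code from Talos, MITRE, or SECURITM. It runs a small rule set over constructed event records in a simplified shape (real Windows event fields are flattened into one dict per event), flags the behaviours as the ATT&CK IDs listed on this page, and then correlates the ADMIN$ write with the PSEXESVC service install to find hosts that received the worm. The EDR allow-list entry and all hostnames are assumptions.

```python
"""Detection sketch for the Olympic Destroyer behaviours listed on this page.

Added example, not code from Talos/MITRE/SECURITM. Event records below are
constructed and use simplified field names; the event IDs are the standard
Windows/Sysmon ones: Security 4688 (process creation), Security 1102 and
System 104 (log cleared), System 7045 (service installed), Security 5145
(network share object access), Sysmon 10 (process access).
"""
import re
from collections import defaultdict

# Constructed sample telemetry (not real captures).
SAMPLE_EVENTS = [
    {"host": "WS01", "channel": "Security", "event_id": 4688,
     "NewProcessName": r"C:\Windows\System32\wevtutil.exe",
     "CommandLine": "wevtutil.exe cl System"},
    {"host": "WS01", "channel": "Security", "event_id": 4688,
     "NewProcessName": r"C:\Windows\System32\wevtutil.exe",
     "CommandLine": 'wevtutil.exe cl "Security"'},
    {"host": "WS01", "channel": "Security", "event_id": 1102},
    {"host": "WS01", "channel": "Microsoft-Windows-Sysmon/Operational", "event_id": 10,
     "SourceImage": r"C:\Users\Public\dropper.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"host": "WS02", "channel": "Security", "event_id": 5145,
     "ShareName": r"\\*\ADMIN$", "RelativeTargetName": "PSEXESVC.exe",
     "AccessMask": "0x2"},
    {"host": "WS02", "channel": "System", "event_id": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    # Benign noise: an EDR agent reading LSASS, and wevtutil used to query, not clear.
    {"host": "WS03", "channel": "Microsoft-Windows-Sysmon/Operational", "event_id": 10,
     "SourceImage": r"C:\Program Files\EDR\agent.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"host": "WS03", "channel": "Security", "event_id": 4688,
     "NewProcessName": r"C:\Windows\System32\wevtutil.exe",
     "CommandLine": "wevtutil.exe qe Security /c:5"},
]

# Assumed allow-list of legitimate LSASS readers; tune per environment.
LSASS_ALLOWLIST = {r"c:\program files\edr\agent.exe"}
# Access masks commonly requested by Mimikatz-style credential dumpers.
SUSPICIOUS_LSASS_ACCESS = {"0x1010", "0x1410", "0x1438", "0x143a", "0x1fffff"}
# The page reports System and Security being cleared; match only those two.
WEVTUTIL_CLEAR = re.compile(
    r'wevtutil(?:\.exe)?\s+(?:cl|clear-log)\s+"?(System|Security)\b', re.I)


def classify(ev):
    """Map one event to (ATT&CK technique, reason) or None."""
    eid, ch = ev["event_id"], ev["channel"]
    if ch == "Security" and eid == 4688:
        m = WEVTUTIL_CLEAR.search(ev.get("CommandLine", ""))
        if m:
            return ("T1070.001", f"wevtutil clearing {m.group(1)} log")
    if (ch, eid) in {("Security", 1102), ("System", 104)}:
        return ("T1070.001", f"event log cleared (EID {eid})")
    if ch == "System" and eid == 7045:
        if "psexesvc" in (ev.get("ServiceName", "") + ev.get("ImagePath", "")).lower():
            return ("T1569.002", "PsExec service PSEXESVC installed")
    if ch == "Security" and eid == 5145:
        target = ev.get("RelativeTargetName", "")
        wrote = int(ev.get("AccessMask", "0x0"), 16) & 0x2  # WriteData bit
        if ev.get("ShareName", "").upper().endswith("ADMIN$") and target.lower().endswith(".exe") and wrote:
            return ("T1021.002", f"executable written to ADMIN$: {target}")
    if ch.endswith("Sysmon/Operational") and eid == 10:
        if ev.get("TargetImage", "").lower().endswith("\\lsass.exe"):
            src = ev.get("SourceImage", "")
            if src.lower() not in LSASS_ALLOWLIST and ev.get("GrantedAccess", "").lower() in SUSPICIOUS_LSASS_ACCESS:
                return ("T1003.001", f"{src} opened lsass.exe with {ev['GrantedAccess']}")
    return None


def detect(events):
    """Return a list of (host, technique, reason) for every event that matches a rule."""
    alerts = []
    for ev in events:
        hit = classify(ev)
        if hit:
            alerts.append((ev["host"], hit[0], hit[1]))
    return alerts


def propagation_hosts(alerts):
    """Hosts showing the PsExec lateral-movement chain: ADMIN$ drop plus PSEXESVC install."""
    seen = defaultdict(set)
    for host, tech, _ in alerts:
        seen[host].add(tech)
    return sorted(h for h, t in seen.items() if {"T1021.002", "T1569.002"} <= t)


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for host, tech, reason in found:
        print(f"{host}\t{tech}\t{reason}")
    print("hosts reached via PsExec:", propagation_hosts(found))
```

On the constructed input this yields six alerts on WS01 and WS02 and none on WS03, and names WS02 as the host reached via PsExec. In production the log-clearing rule should fire on any channel, not just the two this page reports, and the LSASS allow-list should be keyed on signer or hash rather than path, since a path is trivial for a dropper to imitate.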

Groups That Use This Software

ID | Name | References
G0034 | Sandworm Team

(Citation: CrowdStrike GTR 2019) (Citation: Trend Micro Cyclops Blink March 2022) (Citation: mandiant_apt44_unearthing_sandworm) (Citation: US District Court Indictment GRU Unit 74455 October 2020) (Citation: Secureworks IRON VIKING) (Citation: UK NCSC Olympic Attacks October 2020)
