LightNeuron
Techniques Used |
||||
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1071 | .003 | Application Layer Protocol: Mail Protocols |
LightNeuron uses SMTP for C2.(Citation: ESET LightNeuron May 2019) |
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
LightNeuron is capable of executing commands via cmd.exe.(Citation: ESET LightNeuron May 2019) |
Enterprise | T1565 | .002 | Data Manipulation: Transmitted Data Manipulation |
LightNeuron is capable of modifying email content, headers, and attachments during transit.(Citation: ESET LightNeuron May 2019) |
Enterprise | T1001 | .002 | Data Obfuscation: Steganography |
LightNeuron is controlled via commands that are embedded into PDFs and JPGs using steganographic methods.(Citation: ESET LightNeuron May 2019) |
Enterprise | T1074 | .001 | Data Staged: Local Data Staging |
LightNeuron can store email data in files and directories specified in its configuration, such as |
Enterprise | T1114 | .002 | Email Collection: Remote Email Collection |
LightNeuron collects Exchange emails matching rules specified in its configuration.(Citation: ESET LightNeuron May 2019) |
Enterprise | T1573 | .001 | Encrypted Channel: Symmetric Cryptography |
LightNeuron uses AES to encrypt C2 traffic.(Citation: ESET LightNeuron May 2019) |
Enterprise | T1070 | .004 | Indicator Removal: File Deletion |
LightNeuron has a function to delete files.(Citation: ESET LightNeuron May 2019) |
Enterprise | T1036 | .005 | Masquerading: Match Legitimate Name or Location |
LightNeuron has used filenames associated with Exchange and Outlook for binary and configuration files, such as |
Enterprise | T1027 | .013 | Obfuscated Files or Information: Encrypted/Encoded File |
LightNeuron encrypts its configuration files with AES-256.(Citation: ESET LightNeuron May 2019) |
Enterprise | T1505 | .002 | Server Software Component: Transport Agent |
LightNeuron has used a malicious Microsoft Exchange transport agent for persistence.(Citation: ESET LightNeuron May 2019) |
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.